This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cornucopia - Ecommerce Website - AZ K"
From OWASP
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#d9c049;">Cornucopia - Ecommerce Website - AZ K</span>}} File:Cornucopia_-_Ecommerce_Website_AZ_K....") |
|||
Line 45: | Line 45: | ||
</tr> | </tr> | ||
</table> | </table> | ||
− | |||
− | |||
Latest revision as of 16:26, 21 January 2016
Suit: Authorization
Card/Value: K
Description:
Ryan can influence or alter authorization controls and permissions, and can therefore bypass them.
Technical Note:
Use only trusted system objects, e.g. server side session objects, for making access authorization decisions. Restrict access to user and data attributes and policy information used by access controls. Server side implementation and presentation layer representations of access control rules must match.
References:
OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
---|---|---|---|---|
77 | 4.9 | - | 56 | 8 |
89 | 4.10 | 207 | 10 | |
91 | 4.11 | 211 | 11 |