This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - AZ Q

From OWASP
Revision as of 16:26, 21 January 2016 by Dariodf (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website AZ Q.png

Suit: Authorization

Card/Value: Q

Description:

Christopher can inject a command that the application will run at a higher privilege level.

Technical Note:

Firstly apply appropriate input validation and encoding. In cases where the application must run with elevated privileges, raise privileges as late as possible, and drop them as soon as possible.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
209 5.12 - 17 8
15.7 30 10
69 11
234



« Previous Card | Authorization | Next Card »