This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cornucopia - Ecommerce Website - CR 2"
From OWASP
Line 11: | Line 11: | ||
=== Technical Note: === | === Technical Note: === | ||
− | There is no substitute for a proper, approved, cryptographic function where data needs to be protected at rest or in transit. Obfuscation is rarely the correct choice. Use standard- | + | There is no substitute for a proper, approved, cryptographic function where data needs to be protected at rest or in transit. Obfuscation is rarely the correct choice. Use standard-approved functions and consider all cryptographic management requirements (e.g. key creation, distribution, protection, replacement, retirement). |
=== References: === | === References: === |
Latest revision as of 20:37, 29 March 2016
Suit: Cryptography
Card/Value: 2
Description:
Kyun can access data because it has been obfuscated rather than using an approved cryptographic function.
Technical Note:
There is no substitute for a proper, approved, cryptographic function where data needs to be protected at rest or in transit. Obfuscation is rarely the correct choice. Use standard-approved functions and consider all cryptographic management requirements (e.g. key creation, distribution, protection, replacement, retirement).
References:
OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
---|---|---|---|---|
105 | - | - | - | 21 |
133 | 29 | |||
135 |