https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_CR_5&feed=atom&action=history
Cornucopia - Ecommerce Website - CR 5 - Revision history
2024-03-29T10:33:46Z
Revision history for this page on the wiki
MediaWiki 1.27.2
https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_CR_5&diff=212070&oldid=prev
Dariodf at 20:37, 29 March 2016
2016-03-29T20:37:57Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 20:37, 29 March 2016</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l11" >Line 11:</td>
<td colspan="2" class="diff-lineno">Line 11:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>=== Technical Note: ===</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>=== Technical Note: ===</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">Crypotographic </del>function errors always need to result in rejection. It is also useful to log (associated with the user's identity if possible) and flag these as possibly malicious activity for further analysis, or as input for application intrusion detection systems.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">Cryptographic </ins>function errors always need to result in rejection. It is also useful to log (associated with the user's identity if possible) and flag these as possibly malicious activity for further analysis, or as input for application intrusion detection systems.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>NB: Unlike [[Cornucopia_-_Ecommerce_Website_-_CR|other cards in this suit]], CR 5 assumes that cryptographic functions are in place, however they do not correctly respond to errors.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>NB: Unlike [[Cornucopia_-_Ecommerce_Website_-_CR|other cards in this suit]], CR 5 assumes that cryptographic functions are in place, however they do not correctly respond to errors.</div></td></tr>
</table>
Dariodf
https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_CR_5&diff=207209&oldid=prev
Dariodf at 16:27, 21 January 2016
2016-01-21T16:27:42Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 16:27, 21 January 2016</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l40" >Line 40:</td>
<td colspan="2" class="diff-lineno">Line 40:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   </tr></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   </tr></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div></table></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div></table></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
</table>
Dariodf
https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_CR_5&diff=207123&oldid=prev
Dariodf: Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#a395ca;">Cornucopia - Ecommerce Website - CR 5</span>}} File:Cornucopia_-_Ecommerce_Website_CR_5...."
2016-01-21T15:12:53Z
<p>Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#a395ca;">Cornucopia - Ecommerce Website - CR 5</span>}} File:Cornucopia_-_Ecommerce_Website_CR_5...."</p>
<p><b>New page</b></p><div>{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#a395ca;">Cornucopia - Ecommerce Website - CR 5</span>}}<br />
[[File:Cornucopia_-_Ecommerce_Website_CR_5.png|frame|right]]<br />
'''Suit:''' [[Cornucopia_-_Ecommerce_Website_-_CR|Cryptography]]<br />
<br />
'''Card/Value:''' 5<br />
<br />
=== Description: ===<br />
<br />
Kyle can bypass cryptographic controls because they do not fail securely (i.e. they default to unprotected).<br />
<br />
=== Technical Note: ===<br />
<br />
Crypotographic function errors always need to result in rejection. It is also useful to log (associated with the user's identity if possible) and flag these as possibly malicious activity for further analysis, or as input for application intrusion detection systems.<br />
<br />
NB: Unlike [[Cornucopia_-_Ecommerce_Website_-_CR|other cards in this suit]], CR 5 assumes that cryptographic functions are in place, however they do not correctly respond to errors.<br />
<br />
=== References: ===<br />
<br />
<table class="wikitable" style="text-align:center;"><br />
<tr><br />
<th>OWASP SCP</th><br />
<th>OWASP ASVS</th><br />
<th>OWASP AppSensor</th><br />
<th>CAPEC</th><br />
<th>SAFECODE</th><br />
</tr><br />
<tr><br />
<td>[[OWASP_Secure_Coding_Practices_Checklist#103|103]]</td><br />
<td>[[OWASP_Application_Security_Verification_Standard#7.2|7.2]]</td><br />
<td>-</td><br />
<td>[https://capec.mitre.org/data/definitions/97.html 97]</td><br />
<td>[[SAFECode_Practical_Security_Stories#21|21]]</td><br />
</tr><br />
<tr><br />
<td>[[OWASP_Secure_Coding_Practices_Checklist#145|145]]</td><br />
<td>[[SAFECode_Practical_Security_Stories#29|29]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
</table><br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<div style="padding:5px;background:LightGray;color:White;font-weight:bold;">[[Cornucopia_-_Ecommerce_Website_-_CR_4|« Previous Card]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_CR|Cryptography]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_CR_6|Next Card »]] </div></div>
Dariodf