Cornucopia - Ecommerce Website - CR 5
Kyle can bypass cryptographic controls because they do not fail securely (i.e. they default to unprotected).
Cryptographic function errors always need to result in rejection. It is also useful to log (associated with the user's identity if possible) and flag these as possibly malicious activity for further analysis, or as input for application intrusion detection systems.
NB: Unlike other cards in this suit, CR 5 assumes that cryptographic functions are in place, however they do not correctly respond to errors.
|OWASP SCP||OWASP ASVS||OWASP AppSensor||CAPEC||SAFECODE|