This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Cornucopia - Ecommerce Website - CR 8"

From OWASP
Jump to: navigation, search
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#a395ca;">Cornucopia - Ecommerce Website - CR 8</span>}} File:Cornucopia_-_Ecommerce_Website_CR_8....")
 
 
Line 59: Line 59:
 
   </tr>
 
   </tr>
 
</table>
 
</table>
 
 
  
  
  
 
<div style="padding:5px;background:LightGray;color:White;font-weight:bold;">[[Cornucopia_-_Ecommerce_Website_-_CR_7|« Previous Card]] <span style="padding-left:10px;padding-right:10px;">|</span>  [[Cornucopia_-_Ecommerce_Website_-_CR|Cryptography]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_CR_9|Next Card »]] </div>
 
<div style="padding:5px;background:LightGray;color:White;font-weight:bold;">[[Cornucopia_-_Ecommerce_Website_-_CR_7|« Previous Card]] <span style="padding-left:10px;padding-right:10px;">|</span>  [[Cornucopia_-_Ecommerce_Website_-_CR|Cryptography]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_CR_9|Next Card »]] </div>

Latest revision as of 16:28, 21 January 2016

Cornucopia - Ecommerce Website CR 8.png

Suit: Cryptography

Card/Value: 8

Description:

Eoin can access stored business data (e.g. passwords, session identifiers, PII, cardholder data) because it is not securely encrypted or securely hashed.

Technical Note:

NB: The key concept for this card is protection of stored data.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
30 2.13 - 31 21
31 7.7 37 29
70 7.8 55 31
133 8.10
135 9.2


« Previous Card | Cryptography | Next Card »