This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Cornucopia - Ecommerce Website - C 6"

From OWASP
Jump to: navigation, search
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#17365d;">Cornucopia - Ecommerce Website - C 6</span>}} File:Cornucopia_-_Ecommerce_Website_C_6.pn...")
 
 
Line 64: Line 64:
 
   </tr>
 
   </tr>
 
</table>
 
</table>
 
 
 
  
  
 
<div style="padding:5px;background:LightGray;color:White;font-weight:bold;">[[Cornucopia_-_Ecommerce_Website_-_C_5|« Previous Card]] <span style="padding-left:10px;padding-right:10px;">|</span>  [[Cornucopia_-_Ecommerce_Website_-_C|Cornucopia]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_C_7|Next Card »]] </div>
 
<div style="padding:5px;background:LightGray;color:White;font-weight:bold;">[[Cornucopia_-_Ecommerce_Website_-_C_5|« Previous Card]] <span style="padding-left:10px;padding-right:10px;">|</span>  [[Cornucopia_-_Ecommerce_Website_-_C|Cornucopia]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_C_7|Next Card »]] </div>

Latest revision as of 16:30, 21 January 2016

Cornucopia - Ecommerce Website C 6.png

Suit: Cornucopia

Card/Value: 6

Description:

Aaron can bypass controls because error/exception handling is missing, or is implemented inconsistently or partially, or does not deny access by default (i.e. errors should terminate access/execution), or relies on handling by some other service or system.

Technical Note:

Ensure all forms of error are handled robustly and consistently (e.g. web server, application server, database server, JavaScript, other interpreters). This encompasses:

  • Implement generic error messages and use custom error pages.
  • The application should handle application errors and not rely on the server configuration.
  • Properly free allocated memory when error conditions occur.
  • Error handling logic associated with security controls should deny access by default.
  • When exceptions occur, fail securely.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
109 8.4 - 54 4
110 98 11
111 164 23
112
155


« Previous Card | Cornucopia | Next Card »