This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cornucopia - Ecommerce Website - C 6"
From OWASP
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#17365d;">Cornucopia - Ecommerce Website - C 6</span>}} File:Cornucopia_-_Ecommerce_Website_C_6.pn...") |
|||
Line 64: | Line 64: | ||
</tr> | </tr> | ||
</table> | </table> | ||
− | |||
− | |||
− | |||
<div style="padding:5px;background:LightGray;color:White;font-weight:bold;">[[Cornucopia_-_Ecommerce_Website_-_C_5|« Previous Card]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_C|Cornucopia]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_C_7|Next Card »]] </div> | <div style="padding:5px;background:LightGray;color:White;font-weight:bold;">[[Cornucopia_-_Ecommerce_Website_-_C_5|« Previous Card]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_C|Cornucopia]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_C_7|Next Card »]] </div> |
Latest revision as of 16:30, 21 January 2016
Suit: Cornucopia
Card/Value: 6
Description:
Aaron can bypass controls because error/exception handling is missing, or is implemented inconsistently or partially, or does not deny access by default (i.e. errors should terminate access/execution), or relies on handling by some other service or system.
Technical Note:
Ensure all forms of error are handled robustly and consistently (e.g. web server, application server, database server, JavaScript, other interpreters). This encompasses:
- Implement generic error messages and use custom error pages.
- The application should handle application errors and not rely on the server configuration.
- Properly free allocated memory when error conditions occur.
- Error handling logic associated with security controls should deny access by default.
- When exceptions occur, fail securely.
References:
OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
---|---|---|---|---|
109 | 8.4 | - | 54 | 4 |
110 | 98 | 11 | ||
111 | 164 | 23 | ||
112 | ||||
155 |