This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - C 6

From OWASP
Revision as of 15:24, 21 January 2016 by Dariodf (talk | contribs) (Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#17365d;">Cornucopia - Ecommerce Website - C 6</span>}} File:Cornucopia_-_Ecommerce_Website_C_6.pn...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website C 6.png

Suit: Cornucopia

Card/Value: 6

Description:

Aaron can bypass controls because error/exception handling is missing, or is implemented inconsistently or partially, or does not deny access by default (i.e. errors should terminate access/execution), or relies on handling by some other service or system.

Technical Note:

Ensure all forms of error are handled robustly and consistently (e.g. web server, application server, database server, JavaScript, other interpreters). This encompasses:

  • Implement generic error messages and use custom error pages.
  • The application should handle application errors and not rely on the server configuration.
  • Properly free allocated memory when error conditions occur.
  • Error handling logic associated with security controls should deny access by default.
  • When exceptions occur, fail securely.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
109 8.4 - 54 4
110 98 11
111 164 23
112
155



« Previous Card | Cornucopia | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_C_6&oldid=207150"