This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - C 6

From OWASP
Jump to: navigation, search
Cornucopia - Ecommerce Website C 6.png

Suit: Cornucopia

Card/Value: 6

Description:

Aaron can bypass controls because error/exception handling is missing, or is implemented inconsistently or partially, or does not deny access by default (i.e. errors should terminate access/execution), or relies on handling by some other service or system.

Technical Note:

Ensure all forms of error are handled robustly and consistently (e.g. web server, application server, database server, JavaScript, other interpreters). This encompasses:

  • Implement generic error messages and use custom error pages.
  • The application should handle application errors and not rely on the server configuration.
  • Properly free allocated memory when error conditions occur.
  • Error handling logic associated with security controls should deny access by default.
  • When exceptions occur, fail securely.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
109 8.4 - 54 4
110 98 11
111 164 23
112
155


« Previous Card | Cornucopia | Next Card »