Difference between revisions of "Cornucopia - Ecommerce Website - SM 10"

Latest revision as of 16:22, 21 January 2016

Cornucopia - Ecommerce Website SM 10.png

Card/Value: 10

Description:

Marce can forge requests because per-session, or per-request for more critical actions, strong random tokens (i.e. anti-CSRF tokens) or similar are not being used for actions that change state.

Technical Note:

Consider supplementing standard session management with:

Per-session strong random tokens or parameters.
Per-request, as opposed to per-session, strong random tokens or parameters.

References:

OWASP SCP	OWASP ASVS	OWASP AppSensor	CAPEC	SAFECODE
73	4.16	IE4	62	18
74			111

« Previous Card | Session management | Next Card »

Revision as of 14:51, 21 January 2016 (view source) Dariodf (talk \| contribs) (Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#98c477;">Cornucopia - Ecommerce Website - SM 10</span>}} File:Cornucopia_-_Ecommerce_Website_SM_1...")		Latest revision as of 16:22, 21 January 2016 (view source) Dariodf (talk \| contribs)
Line 42:		Line 42:
	</tr>		</tr>
	</table>		</table>
−
−
−
−
−
−

Difference between revisions of "Cornucopia - Ecommerce Website - SM 10"

Latest revision as of 16:22, 21 January 2016

Description:

Technical Note:

References:

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools