This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - SM 10

From OWASP
Revision as of 16:22, 21 January 2016 by Dariodf (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website SM 10.png

Suit: Session management

Card/Value: 10

Description:

Marce can forge requests because per-session, or per-request for more critical actions, strong random tokens (i.e. anti-CSRF tokens) or similar are not being used for actions that change state.

Technical Note:

Consider supplementing standard session management with:

  • Per-session strong random tokens or parameters.
  • Per-request, as opposed to per-session, strong random tokens or parameters.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
73 4.16 IE4 62 18
74 111



« Previous Card | Session management | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_SM_10&oldid=207190"