This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - SM 10

From OWASP
Jump to: navigation, search
Cornucopia - Ecommerce Website SM 10.png

Suit: Session management

Card/Value: 10

Description:

Marce can forge requests because per-session, or per-request for more critical actions, strong random tokens (i.e. anti-CSRF tokens) or similar are not being used for actions that change state.

Technical Note:

Consider supplementing standard session management with:

  • Per-session strong random tokens or parameters.
  • Per-request, as opposed to per-session, strong random tokens or parameters.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
73 4.16 IE4 62 18
74 111



« Previous Card | Session management | Next Card »