This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cornucopia - Ecommerce Website - SM 2"
From OWASP
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#98c477;">Cornucopia - Ecommerce Website - SM 2</span>}} File:Cornucopia_-_Ecommerce_Website_SM_2....") |
|||
Line 48: | Line 48: | ||
</tr> | </tr> | ||
</table> | </table> | ||
− | |||
− | |||
− | |||
Latest revision as of 16:20, 21 January 2016
Suit: Session management
Card/Value: 2
Description:
William has control over the generation of session identifiers.
Technical Note:
In general use the server or framework’s own session management controls, rather than creating custom code. The application should only recognize these session identifiers as valid, and the session identifier creation must always be done on a trusted system (e.g. server-side).
References:
OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
---|---|---|---|---|
58 | 3.10 | SE2 | 31 | 28 |
59 | 60 | |||
61 |