This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - SM 4

From OWASP
Revision as of 14:48, 21 January 2016 by Dariodf (talk | contribs) (Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#98c477;">Cornucopia - Ecommerce Website - SM 4</span>}} File:Cornucopia_-_Ecommerce_Website_SM_4....")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website SM 4.png

Suit: Session management

Card/Value: 4

Description:

Alison can set session identification cookies on another web application because the domain and path are not restricted sufficiently.

Technical Note:

There may be reasons to share sessions across multiple applications, but if one of those applications is less secure it might be used to compromise another.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
59 3.12 SE2 31 28
61 61






« Previous Card | Session management | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_SM_4&oldid=207069"