This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - SM 4

From OWASP
Jump to: navigation, search
Cornucopia - Ecommerce Website SM 4.png

Suit: Session management

Card/Value: 4

Description:

Alison can set session identification cookies on another web application because the domain and path are not restricted sufficiently.

Technical Note:

There may be reasons to share sessions across multiple applications, but if one of those applications is less secure it might be used to compromise another.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
59 3.12 SE2 31 28
61 61





« Previous Card | Session management | Next Card »