This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Cornucopia - Ecommerce Website - SM 8"

From OWASP
Jump to: navigation, search
 
Line 34: Line 34:
 
</tr>
 
</tr>
 
</table>
 
</table>
 +
 +
 +
 +
  
  

Latest revision as of 16:21, 21 January 2016

Cornucopia - Ecommerce Website SM 8.png

Suit: Session management

Card/Value: 8

Description:

Matt can abuse long sessions because the application does not require periodic re-authentication to check if privileges have changed.

Technical Note:

A user's privileges may change during a session. If this information is also stored in session data, it will not reflect the changes. Consider forcing re-authentication.

See Authentication AT 9 for other re-authentication requirements.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
96 - - 21 28





« Previous Card | Session management | Next Card »