This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - SM 8

From OWASP
Revision as of 16:21, 21 January 2016 by Dariodf (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website SM 8.png

Suit: Session management

Card/Value: 8

Description:

Matt can abuse long sessions because the application does not require periodic re-authentication to check if privileges have changed.

Technical Note:

A user's privileges may change during a session. If this information is also stored in session data, it will not reflect the changes. Consider forcing re-authentication.

See Authentication AT 9 for other re-authentication requirements.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
96 - - 21 28





« Previous Card | Session management | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_SM_8&oldid=207188"