This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - SM 8

From OWASP
Revision as of 14:50, 21 January 2016 by Dariodf (talk | contribs) (Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#98c477;">Cornucopia - Ecommerce Website - SM 8</span>}} File:Cornucopia_-_Ecommerce_Website_SM_8....")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website SM 8.png

Suit: Session management

Card/Value: 8

Description:

Matt can abuse long sessions because the application does not require periodic re-authentication to check if privileges have changed.

Technical Note:

A user's privileges may change during a session. If this information is also stored in session data, it will not reflect the changes. Consider forcing re-authentication.

See Authentication AT 9 for other re-authentication requirements.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
96 - - 21 28







« Previous Card | Session management | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_SM_8&oldid=207073"