This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cornucopia - Ecommerce Website - SM K"
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#98c477;">Cornucopia - Ecommerce Website - SM K</span>}} File:Cornucopia_-_Ecommerce_Website_SM_K....") |
|||
Line 42: | Line 42: | ||
</tr> | </tr> | ||
</table> | </table> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Latest revision as of 16:23, 21 January 2016
Suit: Session management
Card/Value: K
Description:
Peter can bypass the session management controls because they have been self-built and/or are weak, instead of using a standard framework or approved tested module.
Technical Note:
Centralized session management routines are a good programming practice, but like other routines, developers need to understand how they work, how to use them and any limitations. These should preferably be the framework's in-built session management support. If third party session management libraries are used, it is important to test each routine before its implementation.
NB: This relates to what session management routines to use. See SM Q for application-wide coverage.
References:
OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
---|---|---|---|---|
58 | 3.1 | - | 21 | 14 |
60 | 28 |