This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Cornucopia - Ecommerce Website - SM K"

From OWASP
Jump to: navigation, search
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#98c477;">Cornucopia - Ecommerce Website - SM K</span>}} File:Cornucopia_-_Ecommerce_Website_SM_K....")
 
 
Line 42: Line 42:
 
</tr>
 
</tr>
 
</table>
 
</table>
 
 
 
 
 
 
 
  
  

Latest revision as of 16:23, 21 January 2016

Cornucopia - Ecommerce Website SM K.png

Suit: Session management

Card/Value: K

Description:

Peter can bypass the session management controls because they have been self-built and/or are weak, instead of using a standard framework or approved tested module.

Technical Note:

Centralized session management routines are a good programming practice, but like other routines, developers need to understand how they work, how to use them and any limitations. These should preferably be the framework's in-built session management support. If third party session management libraries are used, it is important to test each routine before its implementation.

NB: This relates to what session management routines to use. See SM Q for application-wide coverage.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
58 3.1 - 21 14
60 28



« Previous Card | Session management | Next Card »