Cornucopia - Ecommerce Website - SM K
Suit: Session management
Peter can bypass the session management controls because they have been self-built and/or are weak, instead of using a standard framework or approved tested module.
Centralized session management routines are a good programming practice, but like other routines, developers need to understand how they work, how to use them and any limitations. These should preferably be the framework's in-built session management support. If third party session management libraries are used, it is important to test each routine before its implementation.
NB: This relates to what session management routines to use. See SM Q for application-wide coverage.
|OWASP SCP||OWASP ASVS||OWASP AppSensor||CAPEC||SAFECODE|