This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - SM K

From OWASP
Revision as of 14:53, 21 January 2016 by Dariodf (talk | contribs) (Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#98c477;">Cornucopia - Ecommerce Website - SM K</span>}} File:Cornucopia_-_Ecommerce_Website_SM_K....")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website SM K.png

Suit: Session management

Card/Value: K

Description:

Peter can bypass the session management controls because they have been self-built and/or are weak, instead of using a standard framework or approved tested module.

Technical Note:

Centralized session management routines are a good programming practice, but like other routines, developers need to understand how they work, how to use them and any limitations. These should preferably be the framework's in-built session management support. If third party session management libraries are used, it is important to test each routine before its implementation.

NB: This relates to what session management routines to use. See SM Q for application-wide coverage.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
58 3.1 - 21 14
60 28






« Previous Card | Session management | Next Card »