Cornucopia - Ecommerce Website - SM Q
Suit: Session management
Salim can bypass session management because it is not applied comprehensively and consistently across the application.
Every part of the application, and every type of request it accepts, should verify that the user has a valid current session (where one is required), and therefore what privileges they hold, before undertaking any other data validation or processing. A check that is applied in some handlers but not others, or to web pages but not API calls, is the gap an attacker looks for.
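One way to make the check application-wide rather than per-handler is a single deny-by-default gate that every request passes through before routing, parsing or validation. The following is an added example written for this card; it is not Cornucopia's code nor any framework's. The in-memory session store, the route set, the role names, the cookie name `sid` and the assumption that paths are case-insensitive are all made up for the demonstration.

```python
# Added example: one session gate in front of every route, deny by default.
# Store, routes, roles and the "sid" cookie name are assumptions for the demo.
import secrets
from collections import namedtuple
from typing import Dict, Optional, Set

Request = namedtuple("Request", "method path cookies")
Response = namedtuple("Response", "status body")
Session = namedtuple("Session", "user_id roles")

class SessionStore:
    """In-memory store (assumed); only App.dispatch consults it."""
    def __init__(self):
        self._sessions: Dict[str, Session] = {}

    def create(self, user_id: str, roles: Set[str]) -> str:
        sid = secrets.token_urlsafe(32)  # unguessable random identifier
        self._sessions[sid] = Session(user_id, frozenset(roles))
        return sid

    def lookup(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)  # None for unknown or revoked ids

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)  # logout / revocation

def normalise(method: str, path: str):
    """Canonical (METHOD, path) key so the gate and the router agree that
    /Account, /account/ and //account are one route (assumes case-insensitive paths)."""
    return method.upper(), "/" + "/".join(p for p in path.lower().split("/") if p)

class App:
    def __init__(self, store: SessionStore):
        self.store, self._routes = store, {}
        self._public = set()  # routes explicitly allowed without a session
        self._roles = {}      # route -> roles the session must hold

    def route(self, method, path, public=False, roles=()):
        key = normalise(method, path)
        def register(fn):
            self._routes[key] = fn
            if public:
                self._public.add(key)
            if roles:
                self._roles[key] = set(roles)
            return fn
        return register

    def dispatch(self, req: Request) -> Response:
        key = normalise(req.method, req.path)
        # 1. Resolve the session before routing, parsing or validating anything.
        sid = req.cookies.get("sid")
        session = self.store.lookup(sid) if sid else None
        # 2. Deny by default: anything not explicitly public needs a session,
        #    unknown paths included, so a forgotten route cannot slip past.
        if key not in self._public and session is None:
            return Response(401, "session required")
        handler = self._routes.get(key)
        if handler is None:
            return Response(404, "not found")
        # 3. Privileges are enforced here as well, not left to each handler.
        if not self._roles.get(key, set()) <= (session.roles if session else set()):
            return Response(403, "forbidden")
        return handler(req, session)

store = SessionStore()
app = App(store)

@app.route("GET", "/login", public=True)
def login_form(req, session):
    return Response(200, "login form")

@app.route("POST", "/api/orders")
def create_order(req, session):
    # Handlers never re-check the session; the gate already did, consistently.
    return Response(201, f"order placed for {session.user_id}")

@app.route("DELETE", "/admin/users", roles={"admin"})
def delete_user(req, session):
    return Response(200, "deleted")

def demo() -> Dict[str, int]:
    """Status codes for constructed requests (all inputs are made up for the demo)."""
    user = {"sid": store.create("salim", {"customer"})}
    admin = {"sid": store.create("ops", {"admin"})}
    def send(method, path, cookies=None):
        return app.dispatch(Request(method, path, cookies or {})).status
    results = {
        "anon_api": send("POST", "/api/orders"),                  # 401
        "anon_login": send("GET", "/login"),                      # 200
        "anon_unknown": send("GET", "/no-such-page"),             # 401, not 404
        "user_api_variant": send("post", "//API/orders/", user),  # 201, same route
        "user_admin": send("DELETE", "/admin/users", user),       # 403
        "admin_admin": send("DELETE", "/admin/users", admin),     # 200
    }
    store.destroy(user["sid"])  # logout: the id is no longer a current session
    results["after_logout"] = send("POST", "/api/orders", user)  # 401
    return results

if __name__ == "__main__":
    print(demo())
```

The properties worth checking in a real application are the ones the demo exercises: the gate sits in front of every entry point (pages, JSON APIs, downloads, webhooks, anything else the server routes), the public allowlist is short and reviewed, unknown or unregistered paths are refused rather than served, method and path normalisation match what the server's router actually does, and a revoked session is refused on the very next request.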
NB: This relates to application-wide session management control. See SM K for what session management routines to use.
| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |