This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - SM Q

From OWASP
Revision as of 14:51, 21 January 2016 by Dariodf (talk | contribs) (Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#98c477;">Cornucopia - Ecommerce Website - SM Q</span>}} File:Cornucopia_-_Ecommerce_Website_SM_Q....")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website SM Q.png

Suit: Session management

Card/Value: Q

Description:

Salim can bypass session management because it is not applied comprehensively and consistently across the application.

Technical Note:

Every part of the application and type of request should verify that the user has a valid current session (if required) and thus their privileges, before undertaking any other data validation and processing.

NB: This relates to application-wide session management control. See SM K for what session management routines to use.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
58 3.1 - 21 14
28






« Previous Card | Session management | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_SM_Q&oldid=207077"