https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_VE_10&feed=atom&action=history
Cornucopia - Ecommerce Website - VE 10 - Revision history
2024-03-28T18:00:27Z
Revision history for this page on the wiki
MediaWiki 1.27.2
https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_VE_10&diff=212063&oldid=prev
Dariodf at 20:07, 29 March 2016
2016-03-29T20:07:08Z
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 20:07, 29 March 2016</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l13" >Line 13:</td>
<td colspan="2" class="diff-lineno">Line 13:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Trust management is a popular technique for implementing information security, and specifically for access control policies. All data sources of an application are be classified into groups with varying degrees of trust. When doing this, it is imperative to ensure that trusted sources cannot be spoofed. This spoofing can be done in many ways:</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Trust management is a popular technique for implementing information security, and specifically for access control policies. All data sources of an application are be classified into groups with varying degrees of trust. When doing this, it is imperative to ensure that trusted sources cannot be spoofed. This spoofing can be done in many ways:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Reflection attack.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Reflection attack.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* <del class="diffchange diffchange-inline">Principle </del>Spoof.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">Principal </ins>Spoof.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* JSON Hijacking.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* JSON Hijacking.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Registry Poisoning.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Registry Poisoning.</div></td></tr>
</table>
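Review bot: the spelling correction on the second bullet, "Principle Spoof" to "Principal Spoof", is right (a principal is the authenticated identity that gets impersonated), but the unchanged context line above it still reads "All data sources of an application are be classified", which should be "are classified" and could be fixed in the same edit.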
Dariodf
https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_VE_10&diff=207018&oldid=prev
Dariodf: Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#929292;">Cornucopia - Ecommerce Website - VE 10</span>}} File:Cornucopia_-_Ecommerce_Website_VE_1..."
2016-01-21T14:18:28Z
<p><b>New page</b></p><div>{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#929292;">Cornucopia - Ecommerce Website - VE 10</span>}}<br />
[[File:Cornucopia_-_Ecommerce_Website_VE_10.png|frame|right]]<br />
'''Suit:''' [[Cornucopia_-_Ecommerce_Website_-_VE|Data Validation and Encoding]]<br />
<br />
'''Card/Value:''' 10<br />
<br />
=== Description: ===<br />
<br />
Jerry can exploit the trust the application places in a source of data (e.g. user-definable data, manipulation of locally stored data, alteration to state data on a client device, lack of verification of identity during data validation such as Jerry can pretend to be Colin).<br />
<br />
=== Technical Note: ===<br />
<br />
Trust management is a popular technique for implementing information security, and specifically for access control policies. All data sources of an application are classified into groups with varying degrees of trust. When doing this, it is imperative to ensure that trusted sources cannot be spoofed. This spoofing can be done in many ways:<br />
* Reflection attack.<br />
* Principle Spoof.<br />
* JSON Hijacking.<br />
* Registry Poisoning.<br />
* MITM.<br />
* XSS.<br />
Attackers that are identified as trusted users or that are in a trusted zone with bad authentication techniques can do all sorts of things, depending on the services, such as:<br />
* Sniffing.<br />
* Data tampering.<br />
* Code Injection.<br />
* DoS.<br />
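The following is an added example, not code from the Cornucopia card or from OWASP, showing the trust classification described above applied to the "Jerry pretends to be Colin" case from the description. It assumes a hypothetical server-side session store (<code>SESSIONS</code>), an order table (<code>ORDERS</code>), a server key (<code>SERVER_KEY</code>) and three constructed trust tiers: request body and unsigned cookies are untrusted, an HMAC-signed cookie is verified, and the session store is server-held. The vulnerable function reads the acting identity from the body, so the client's own claim decides who it is; the hardened one derives the principal from the most trusted source available and lets the access check demand a minimum tier.<br />

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Optional, Tuple

# Hypothetical server-side key; a real service would load it from a secret store.
SERVER_KEY = b"constructed-demo-key"

# Constructed server-side session store: session id -> authenticated principal.
SESSIONS = {"sess-colin": "colin", "sess-jerry": "jerry"}

# Constructed order records: order id -> owning principal.
ORDERS = {"order-1": "colin", "order-2": "jerry"}


class Trust(IntEnum):
    """Trust tiers for a data source, lowest to highest."""
    UNTRUSTED = 0  # client-controlled: body, query string, unsigned cookies
    VERIFIED = 1   # client-held, but integrity-checked by the server (HMAC)
    SERVER = 2     # never left the server: session store, database


@dataclass
class Request:
    session_id: Optional[str] = None
    body: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


def sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def make_signed_cookie(payload: str) -> str:
    """Issue a 'payload.mac' cookie the server can later verify."""
    return f"{payload}.{sign(payload)}"


def verify_signed_cookie(cookie: str) -> Optional[str]:
    """Return the payload if the MAC checks out, otherwise None (tampered or absent)."""
    payload, sep, mac = cookie.rpartition(".")
    if not sep or not hmac.compare_digest(sign(payload), mac):
        return None
    return payload


def vulnerable_principal(req: Request) -> str:
    # Vulnerable pattern: the acting identity is read from the request body,
    # so any client can claim to be anyone (Jerry pretends to be Colin).
    return req.body.get("user_id", "")


def hardened_principal(req: Request) -> Tuple[Optional[str], Trust]:
    """Derive the principal from the most trusted source available; never from the body."""
    who = SESSIONS.get(req.session_id or "")
    if who is not None:
        return who, Trust.SERVER
    remembered = verify_signed_cookie(req.cookies.get("remember", ""))
    if remembered is not None:
        return remembered, Trust.VERIFIED
    return None, Trust.UNTRUSTED


def can_view_order(req: Request, order_id: str, min_trust: Trust = Trust.VERIFIED) -> bool:
    """Allow access only when the principal is known, trusted enough, and owns the order."""
    who, trust = hardened_principal(req)
    if who is None or trust < min_trust:
        return False
    return ORDERS.get(order_id) == who


if __name__ == "__main__":
    # Jerry holds a real session but claims to be Colin in the body.
    jerry = Request(session_id="sess-jerry", body={"user_id": "colin"})
    print(vulnerable_principal(jerry))       # colin  (the body claim is believed)
    print(hardened_principal(jerry))         # ('jerry', <Trust.SERVER: 2>)
    print(can_view_order(jerry, "order-1"))  # False  (order-1 belongs to Colin)
```

The <code>min_trust</code> parameter is the policy knob the technical note is about: a read of one's own order history might accept a verified remember-me cookie, while a change of shipping address can insist on a server-side session, and nothing the client can freely set ever reaches the decision.<br />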
<br />
=== References: ===<br />
<br />
<table class="wikitable" style="text-align:center;"><br />
<br />
<tr><br />
<th>OWASP SCP </th><br />
<th>OWASP ASVS </th><br />
<th>OWASP AppSensor </th><br />
<th>CAPEC </th><br />
<th>SAFECODE </th><br />
</tr><br />
<br />
<tr><br />
<td>[[OWASP_Secure_Coding_Practices_Checklist#2|2]]</td><br />
<td>[[OWASP_Application_Security_Verification_Standard#10.6|10.6]]</td><br />
<td>[[AppSensor_DetectionPoints#IE4|IE4]]</td><br />
<td>[https://capec.mitre.org/data/definitions/12.html 12]</td><br />
<td>[[SAFECode_Practical_Security_Stories#14|14]]</td><br />
</tr><br />
<br />
<tr><br />
<td>[[OWASP_Secure_Coding_Practices_Checklist#19|19]]</td><br />
<td> </td><br />
<td>[[AppSensor_DetectionPoints#IE5|IE5]]</td><br />
<td>[https://capec.mitre.org/data/definitions/51.html 51]</td><br />
<td> </td><br />
</tr><br />
<br />
<tr><br />
<td>[[OWASP_Secure_Coding_Practices_Checklist#92|92]]</td><br />
<td> </td><br />
<td> </td><br />
<td>[https://capec.mitre.org/data/definitions/57.html 57]</td><br />
<td> </td><br />
</tr><br />
<br />
<tr><br />
<td>[[OWASP_Secure_Coding_Practices_Checklist#95|95]]</td><br />
<td> </td><br />
<td> </td><br />
<td>[https://capec.mitre.org/data/definitions/90.html 90]</td><br />
<td> </td><br />
</tr><br />
<br />
<tr><br />
<td>[[OWASP_Secure_Coding_Practices_Checklist#180|180]]</td><br />
<td> </td><br />
<td> </td><br />
<td>[https://capec.mitre.org/data/definitions/111.html 111]</td><br />
<td> </td><br />
</tr><br />
<br />
<tr><br />
<td> </td><br />
<td> </td><br />
<td> </td><br />
<td>[https://capec.mitre.org/data/definitions/145.html 145]</td><br />
<td> </td><br />
</tr><br />
<br />
<tr><br />
<td> </td><br />
<td> </td><br />
<td> </td><br />
<td>[https://capec.mitre.org/data/definitions/194.html 194]</td><br />
<td> </td><br />
</tr><br />
<br />
<tr><br />
<td> </td><br />
<td> </td><br />
<td> </td><br />
<td>[https://capec.mitre.org/data/definitions/195.html 195]</td><br />
<td> </td><br />
</tr><br />
<br />
<tr><br />
<td> </td><br />
<td> </td><br />
<td> </td><br />
<td>[https://capec.mitre.org/data/definitions/202.html 202]</td><br />
<td> </td><br />
</tr><br />
<br />
<tr><br />
<td> </td><br />
<td> </td><br />
<td> </td><br />
<td>[https://capec.mitre.org/data/definitions/218.html 218]</td><br />
<td> </td><br />
</tr><br />
<br />
<tr><br />
<td> </td><br />
<td> </td><br />
<td> </td><br />
<td>[https://capec.mitre.org/data/definitions/463.html 463]</td><br />
<td></td><br />
</tr><br />
</table><br />
<br />
<br />
<br />
<div style="padding:5px;background:LightGray;color:White;font-weight:bold;">[[Cornucopia_-_Ecommerce_Website_-_VE_9|« Previous Card]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_VE|Data Validation and Encoding]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_VE_J|Next Card »]] </div></div>
Dariodf