Cornucopia - Ecommerce Website - VE 8
Latest revision as of 15:56, 21 January 2016
Suit: Data Validation and Encoding
Card/Value: 8
Description:
Sarah can bypass the centralized sanitization routines since they are not being used comprehensively.
Technical Note:
Sanitization may be used to strip some inputs or outputs of certain unwanted characters. It is not a substitute for data validation and encoding, but may be used in combination (e.g. to remove leading/trailing whitespace from keyboard input). If sanitization is part of the validation and encoding processes, ensure that no relevant input/output is excluded, or can be bypassed by submitting data through a different input stream (e.g. GET instead of POST) or using a different app (e.g. mobile vs. desktop).
NB: The key concept for this card is use of sanitization, and whether such routines are comprehensively applied.
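The following added example (not part of the Cornucopia card or the OWASP wiki; the `Request` class, handler names and search-term rules are constructed for illustration) shows the gap the card describes and one way to close it. The weak handlers wire the shared `sanitize()` routine into the POST form path only, so the same parameter arriving via GET, or via a later mobile API endpoint, skips it; the hardened handlers read every parameter through one accessor that always sanitizes, then apply allow-list validation and output encoding, which sanitization does not replace.

```python
import html
import re
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for a framework request object (constructed for this example)."""
    method: str
    query: dict = field(default_factory=dict)  # parameters from the URL (GET stream)
    form: dict = field(default_factory=dict)   # parameters from the body (POST stream)


CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")
SEARCH_TERM = re.compile(r"[A-Za-z0-9 '\-]{1,64}")


def sanitize(value: str) -> str:
    """Centralized sanitization: trim whitespace and drop control characters.
    Deliberately narrow: it is neither validation nor output encoding."""
    return CONTROL_CHARS.sub("", value.strip())


def validate_search_term(value: str) -> str:
    """Allow-list validation for a product search term; anything else is rejected."""
    if not SEARCH_TERM.fullmatch(value):
        raise ValueError("invalid search term")
    return value


# --- Weak pattern: the routine exists but is applied to one input stream only ---

def search_weak(req: Request) -> str:
    if req.method == "POST":
        term = sanitize(req.form.get("q", ""))
    else:
        term = req.query.get("q", "")  # GET path never reaches sanitize()
    return f"<h1>Results for {term}</h1>"  # no validation, no encoding either


def api_search_weak(req: Request) -> str:
    # Endpoint added later for the mobile app; the shared routine is not called at all
    return f"<h1>Results for {req.query.get('q', '')}</h1>"


# --- Hardened pattern: one ingress for every stream, then validate, then encode ---

def param(req: Request, name: str) -> str:
    """Single accessor used by every handler; every stream passes through sanitize()."""
    for source in (req.form, req.query):
        if name in source:
            return sanitize(source[name])
    return ""


def render_results(term: str) -> str:
    """Output encoding happens once, at the point the value enters HTML."""
    return f"<h1>Results for {html.escape(term)}</h1>"


def search_hardened(req: Request) -> str:
    return render_results(validate_search_term(param(req, "q")))


# The mobile API shares the identical pipeline instead of re-implementing it
api_search_hardened = search_hardened
```

The detection angle for a review is the same as the fix: grep for every place a parameter is read (`query`, `form`, headers, JSON bodies, each client-specific endpoint) and confirm each one goes through the single accessor rather than calling `sanitize()` ad hoc.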
References:

| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
|---|---|---|---|---|
| 15 | 28 | 2 | 468 | |
| 169 | 31 | 17 | | |
| 152 | | | | |
| 160 | | | | |