
Cornucopia - Ecommerce Website - VE 8

From OWASP
Revision as of 14:17, 21 January 2016 by Dariodf

[Card image: Cornucopia - Ecommerce Website VE 8.png]

Suit: Data Validation and Encoding

Card/Value: 8

Description:

Sarah can bypass the centralized sanitization routines since they are not being used comprehensively.

Technical Note:

Sanitization may be used to strip some inputs or outputs of certain unwanted characters. It is not a substitute for data validation and encoding, but may be used in combination (e.g. to remove leading/trailing whitespace from keyboard input). If sanitization is part of the validation and encoding processes, ensure that no relevant input/output is excluded, or can be bypassed by submitting data through a different input stream (e.g. GET instead of POST) or using a different app (e.g. mobile vs. desktop).

NB: The key concept for this card is use of sanitization, and whether such routines are comprehensively applied.
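The following is an added illustration, not part of the original card text, of the two patterns the technical note contrasts: a handler that sanitizes only the POST form field (so the same field arriving as a GET parameter or in a JSON body from a mobile client bypasses the routine), beside a single chokepoint that routes every input stream through the same sanitizer and then still validates the result. The `Request` class, the `sanitize` routine and the field names are constructed for the example and do not correspond to any particular framework.

```python
import json
import re
from dataclasses import dataclass, field


# Constructed stand-in for a web framework's request object (assumption:
# not any real framework's API). Each attribute is a separate input stream.
@dataclass
class Request:
    method: str
    query: dict = field(default_factory=dict)   # GET parameters
    form: dict = field(default_factory=dict)    # POST form fields
    body: str = ""                              # raw body, e.g. JSON from a mobile app


# ASCII control characters (keeping tab/newline/CR) that the sanitizer strips.
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def sanitize(value: str) -> str:
    """Centralized sanitization: trim whitespace and drop control characters.

    This only removes unwanted characters. It does not decide whether the
    value is acceptable (validation) or make it safe for a sink (encoding).
    """
    return CONTROL_CHARS.sub("", value).strip()


# --- Non-comprehensive use: the weakness this card describes ----------------
def comment_from_request_legacy(request: Request) -> str:
    """Sanitizes only the POST form field.

    The same field submitted as a GET parameter, or inside a JSON body by a
    different client, is returned untouched: the central routine is bypassed.
    """
    if request.method == "POST" and "comment" in request.form:
        return sanitize(request.form["comment"])
    if "comment" in request.query:
        return request.query["comment"]                      # never sanitized
    if request.body:
        return json.loads(request.body).get("comment", "")   # never sanitized
    return ""


# --- Comprehensive use: one chokepoint for every input stream ---------------
def all_inputs(request: Request) -> dict:
    """Merges every input stream and passes each string value through the
    same sanitizer, so no stream is excluded from the routine."""
    merged = {}
    merged.update(request.query)
    merged.update(request.form)
    if request.body:
        try:
            payload = json.loads(request.body)
        except ValueError:
            payload = {}
        if isinstance(payload, dict):
            merged.update(payload)
    return {k: sanitize(v) for k, v in merged.items() if isinstance(v, str)}


COMMENT_MAX_LEN = 500  # constructed limit for the validation step


def comment_from_request(request: Request) -> str:
    """Reads the field through the chokepoint, then validates it: sanitization
    is applied everywhere, but it is still not a substitute for validation."""
    comment = all_inputs(request).get("comment", "")
    if len(comment) > COMMENT_MAX_LEN:
        raise ValueError("comment exceeds maximum length")
    return comment
```

The useful check is to submit the same value through each stream and confirm that every path produces the same sanitized result; the legacy handler fails that check for the GET and JSON paths, the chokepoint version passes it for all three.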

References:

OWASP SCP: 15, 169
OWASP ASVS: none
OWASP AppSensor: none
CAPEC: 28, 31, 152, 160, 468
SAFECODE: 2, 17
