Fix security issues correctly

From OWASP

Jump to: navigation, search

This is a principle or a set of principles. To view all principles, please see the Principle Category page.


This article is a stub. You can help OWASP by expanding it.

This template will categorize articles that include it into the Category:Stub category.

Summary

Once a security issue has been identified, it is important to develop a test for it, and to understand the root cause of the issue. When design patterns are used, it is likely that the security issue is widespread amongst all code bases, so developing the right fix without introducing regressions is essential.

For example, a user has found that they can see another user’s balance by adjusting their cookie. The fix seems to be relatively straightforward, but as the cookie handling code is shared amongst all applications, a change to just one application will trickle through to all other applications. The fix must therefore be tested on all affected applications.

Retrieved from "http://www.owasp.org/index.php/Fix_security_issues_correctly"
Personal tools