Difference between revisions of "Fix security issues correctly"

From OWASP
Jump to: navigation, search
(Template conformity)
(Reverting to last version not containing links to www.textolocc4t.com)
 
(3 intermediate revisions by 2 users not shown)
Line 2: Line 2:
  
 
{{Template:Stub}}
 
{{Template:Stub}}
 +
 +
<br>
 +
[[Category:OWASP ASDR Project]]
 +
  
 
==Description==
 
==Description==

Latest revision as of 13:28, 27 May 2009

This is a principle or a set of principles. To view all principles, please see the Principle Category page.

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.




Description

Once a security issue has been identified, it is important to develop a test for it, and to understand the root cause of the issue. When design patterns are used, it is likely that the security issue is widespread amongst all code bases, so developing the right fix without introducing regressions is essential.


Examples

Integration Testing

A user has found that they can see another user’s balance by adjusting their cookie. The fix seems to be relatively straightforward, but as the cookie handling code is shared amongst all applications, a change to just one application will trickle through to all other applications. The fix must therefore be tested on all affected applications.


Related Vulnerabilities


Related Controls


References