Update Authorization_Cheat_Sheet.md (#1564)
brandonaltermatt authored Dec 20, 2024
1 parent 9e553b9 commit 038a51e
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions cheatsheets/Authorization_Cheat_Sheet.md
Expand Up @@ -117,6 +117,7 @@ Failed access control checks are a normal occurrence in a secured application; c
- Ensure all exception and failed access control checks are handled no matter how unlikely they seem ([OWASP Top Ten Proactive Controls C10: Handle all errors and exceptions](https://owasp.org/www-project-proactive-controls/v3/en/c10-errors-exceptions.html)). This does not mean that an application should always try to "correct" for a failed check; oftentimes a simple message or HTTP status code is all that is required.
- Centralize the logic for handling failed access control checks.
- Verify the handling of exception and authorization failures. Ensure that such failures, no matter how unlikely, do not put the software into an unstable state that could lead to authorization bypass.
- Ensure sensitive information, such as system logs or debugging output, is not exposed in error messages. Misconfigured error messages can increase the attack surface of your application. ([CWE-209: Generation of Error Message Containing Sensitive Information](https://cwe.mitre.org/data/definitions/209.html))

### Implement Appropriate Logging

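Review bot: the added bullet at the end of this hunk names "system logs" as something that could be exposed in an error message, but logs are not what leaks; what leaks is the material that ends up in a response, such as stack traces, internal file paths, framework or database version strings, or raw database error text. Consider rewording to name those directly, e.g. `- Ensure sensitive information, such as stack traces, internal paths, or debugging output, is not exposed in error messages.` Two smaller points: the first bullet in this list places its reference link inside the sentence before the full stop, whereas the new bullet appends the CWE-209 link as a separate parenthetical after it, so matching the existing placement would keep the list consistent; and since this section is specifically about failed access control checks, it would help to tie the point back to them by stating that a denied request should receive only a generic message and status code, with the detail going to the server-side log covered under the "Implement Appropriate Logging" heading that follows.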

0 comments on commit 038a51e
