[Owasp-topten] wording on A8 Tech Impact

Neil Smithline neil.smithline at owasp.org
Sun Feb 17 18:11:12 UTC 2013

I think that A8 Tech Impact needs some cleanup. The current text is:

Attackers can cause victims to change any data the victim is allowed to
change or perform any other function the victim is authorized to use,
including state changing requests, like logout or even login.

I whipped up the revised paragraph below.

Attackers can trick victims into performing any operation the victim is
authorized to perform. This can include changing account email addresses,
making purchases, or user *login* and logout.

I'm not wed to that verbiage. With the exception of changing "can cause
victims" to "can trick victims", my other changes are grammatical. I think
the "cause" --> "trick" change is an important one.