[Owasp-topten] wording on A8 Tech Impact

Abbas Naderi abbas.naderi at owasp.org
Sun Feb 17 18:20:10 UTC 2013

Trick here would usually mean phishing. I suggest you replace it with "legally forge victim's operations"

On 29 Bahman 1391, at 21:41, Neil Smithline <neil.smithline at owasp.org> wrote:

> I think that A8 Tech Input needs some cleanup. The current text is:
> Attackers can cause victims to change any data the victim is allowed to change or perform any other function the victim is authorized to use, including state changing requests, like logout or even login. 
> I whipped up the revised paragraph below. 
> Attackers can trick victims into performing any operation the victim is authorized to perform. This can include changing account email addresses, making purchases, or user login and logout.
> I'm not wed to that verbiage. With the exception of changing "can cause victims" to "can trick victims", my other changes are grammatical. I think the "cause" --> "trick" change is an important one.
> Neil
