Encapsulation
Encapsulation is about having strict boundaries between users, programs and data. For example, one user of a web application must not be able to access the data of another user who is logged in at the same time.
Examples
- Wrong usage of hidden web form fields
  - Using hidden web form fields to store sensitive data (e.g. session IDs, prices, user identifiers) that the user can read and manipulate before the form is submitted; the server cannot trust any value that round-trips through the client.
- Cross-Site Request Forgery (CSRF)
  - Allows an attacker to trick a user into executing unwanted actions on a web application in which they're currently authenticated. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.