Difference between revisions of "Testing for Session Management"
From OWASP
Line 1: | Line 1: | ||
=== Session Management Testing === | === Session Management Testing === | ||
− | == 4.5.1 Cookie and Session token Manipulation(reg, forg/brute force)== | + | == 4.5.1 Cookie and Session token Manipulation(reg, forg/brute force)== |
− | == 4.5.2 Weak session tokens == | + | == 4.5.2 Weak session tokens == |
− | == 4.5.3 Session Riding == | + | == 4.5.3 Session Riding == |
− | == 4.5.4 Exposed session variables == | + | == 4.5.4 Exposed session variables == |
− | == 4.5.5 HTTP Exploit == | + | == 4.5.5 HTTP Exploit == |
'''Session token transport security and reuse of session tokens from HTTP to HTTPS''' | '''Session token transport security and reuse of session tokens from HTTP to HTTPS''' | ||
[][Completed]Javier Fernandez-Sanguino | [][Completed]Javier Fernandez-Sanguino |
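Review bot: on the five changed heading lines (4.5.1 through 4.5.5) the removed and added text read identically as rendered, so this revision appears to change only whitespace; if that is the intent, state it in the edit summary so the history is easier to audit. While these lines are being touched, the 4.5.1 heading needs a space before the parenthesis and should spell out "reg, forg", and "4.5.5 HTTP Exploit" does not say which HTTP-level issue the section is meant to test.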
Revision as of 22:40, 10 October 2006
Session Management Testing
4.5.1 Cookie and Session token Manipulation (reg, forg/brute force)
4.5.2 Weak session tokens
4.5.3 Session Riding
4.5.4 Exposed session variables
4.5.5 HTTP Exploit
Session token transport security and reuse of session tokens from HTTP to HTTPS
[][Completed] Javier Fernandez-Sanguino