Difference between revisions of "Testing for Session Management"
Line 1: | Line 1: | ||
+ | === Session Management Testing === | ||
+ | == 4.5.1 Cookie and Session token Manipulation(reg, forg/brute force)== 100% Review | ||
+ | == 4.5.2 Weak session tokens == 70% TD | ||
+ | == 4.5.3 Session Riding == 100% Review | ||
+ | == 4.5.4 Exposed session variables == 0% TD | ||
+ | == 4.5.5 HTTP Exploit == 0% TD | ||
'''Session token transport security and reuse of session tokens from HTTP to HTTPS''' | '''Session token transport security and reuse of session tokens from HTTP to HTTPS''' | ||
[][Completed]Javier Fernandez-Sanguino | [][Completed]Javier Fernandez-Sanguino |
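Review bot: the five added section lines (4.5.1 to 4.5.5) put status text such as "100% Review" and "0% TD" after the closing `==`, and MediaWiki only treats a line as a heading when nothing but whitespace follows the closing markers, so these lines render as literal text run together, as the revision shown below confirms. Move the status inside the heading markers or onto its own line under each heading. The added parent line uses `===` (level 3) while its subsections use `==` (level 2), which inverts the intended hierarchy; swap the levels so the subsections nest under "Session Management Testing".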
Revision as of 22:39, 10 October 2006
Session Management Testing
== 4.5.1 Cookie and Session token Manipulation(reg, forg/brute force)== 100% Review
== 4.5.2 Weak session tokens == 70% TD
== 4.5.3 Session Riding == 100% Review
== 4.5.4 Exposed session variables == 0% TD
== 4.5.5 HTTP Exploit == 0% TD
Session token transport security and reuse of session tokens from HTTP to HTTPS
[][Completed]Javier Fernandez-Sanguino