
Difference between revisions of "Testing for Session Management"

 
Line 1: Line 1:
 +
=== Session Management Testing ===
 +
== 4.5.1 Cookie and Session token Manipulation(reg, forg/brute force)== 100% Review
 +
== 4.5.2 Weak session tokens == 70% TD
 +
== 4.5.3 Session Riding == 100% Review
 +
== 4.5.4 Exposed session variables == 0% TD
 +
== 4.5.5 HTTP Exploit == 0% TD
  
 
'''Session token transport security and reuse of session tokens from HTTP to HTTPS'''
 
'''Session token transport security and reuse of session tokens from HTTP to HTTPS'''
 
[][Completed]Javier Fernandez-Sanguino
 
[][Completed]Javier Fernandez-Sanguino
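
Review bot: The five added "== 4.5.x ... ==" lines carry trailing status text ("100% Review", "70% TD", "0% TD") after the closing "==", so MediaWiki does not parse them as headings; with no blank lines between them they collapse into a single literal paragraph, which is what the rendered revision shows. Move each status marker onto its own line under the heading, or inside the heading text before the closing "==". The added top line also uses "===" (level 3) for "Session Management Testing" while the subsections beneath it use "==" (level 2), which inverts the hierarchy; use "==" for the section title and "===" for 4.5.1 through 4.5.5.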

Revision as of 22:39, 10 October 2006

Session Management Testing

== 4.5.1 Cookie and Session token Manipulation (reg, forg/brute force) == 100% Review

== 4.5.2 Weak session tokens == 70% TD

== 4.5.3 Session Riding == 100% Review

== 4.5.4 Exposed session variables == 0% TD

== 4.5.5 HTTP Exploit == 0% TD

Session token transport security and reuse of session tokens from HTTP to HTTPS

[][Completed] Javier Fernandez-Sanguino