Difference between revisions of "Testing for Session Management"
(→Session Management Testing) |
|||
Line 1: | Line 1: | ||
=== Session Management Testing === | === Session Management Testing === | ||
− | [[ 4.5.1 Cookie and Session | + | [[ Cookie and Session Token Manipulation AoC|4.5.1 Cookie and Session Token Manipulation]]<br> |
− | [[ 4.5.2 Weak | + | [[ Weak Session Tokens AoC|4.5.2 Weak Session Tokens ]]<br> |
− | [[ 4.5.3 Session Riding ]] | + | [[ Session Riding AoC|4.5.3 Session Riding ]]<br> |
− | [[ 4.5.4 Exposed | + | [[ Exposed Session Variables AoC|4.5.4 Exposed Session Variables ]]<br> |
− | [[ 4.5.5 HTTP Exploit ]] | + | [[ HTTP Exploit AoC|4.5.5 HTTP Exploit ]]<br> |
'''Session token transport security and reuse of session tokens from HTTP to HTTPS''' | '''Session token transport security and reuse of session tokens from HTTP to HTTPS''' | ||
[][Completed]Javier Fernandez-Sanguino | [][Completed]Javier Fernandez-Sanguino |
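Review bot: the five `+` lines each end in a hard `<br>` and open the link with a space after `[[`. A wiki list (one `*` item per link) would give the same one-per-line layout without inline HTML, and the leading space in targets such as `[[ Weak Session Tokens AoC|...` is unnecessary and should be trimmed. The "AoC" suffix on every new page title is not explained anywhere in the visible lines, so it is worth expanding it or noting the naming convention in the edit summary. The unchanged '''Session token transport security...''' line still has no link target and keeps an empty `[]` before `[Completed]`, which leaves that entry inconsistent with the five entries above it.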
Revision as of 22:50, 10 October 2006
Session Management Testing
4.5.1 Cookie and Session Token Manipulation
4.5.2 Weak Session Tokens
4.5.3 Session Riding
4.5.4 Exposed Session Variables
4.5.5 HTTP Exploit
Session token transport security and reuse of session tokens from HTTP to HTTPS [Completed] Javier Fernandez-Sanguino