Testing for Session Management

From OWASP
Revision as of 17:39, 10 October 2006 by Mmeucci

Session Management Testing

== 4.5.1 Cookie and Session token Manipulation (reg, forg/brute force) ==
100% Review

== 4.5.2 Weak session tokens ==
70% TD

== 4.5.3 Session Riding ==
100% Review

== 4.5.4 Exposed session variables ==
0% TD

== 4.5.5 HTTP Exploit ==
0% TD

Session token transport security and reuse of session tokens from HTTP to HTTPS [Completed] Javier Fernandez-Sanguino