Testing for Session Management

From OWASP
Revision as of 17:42, 10 October 2006 by Mmeucci (Talk | contribs)


Session Management Testing

4.5.1 Cookie and Session token Manipulation (reg, forg/brute force)
4.5.2 Weak session tokens
4.5.3 Session Riding
4.5.4 Exposed session variables
4.5.5 HTTP Exploit

Session token transport security and reuse of session tokens from HTTP to HTTPS [Completed] Javier Fernandez-Sanguino