OWASP Annotated Application Security Verification Standard

latest

Browse by chapter:

1 Architecture, Design and Threat Modeling
2 Authentication
3 Session Management
4 Access Control
5 Validation, Sanitization and Encoding
6 Stored Cryptography
7 Error Handling and Logging
8 Data Protection
9 Communications
10 Malicious Code
11 Business Logic
12 Files and Resources
13 API and Web Service
14 Configuration

OWASP Annotated Application Security Verification Standard

Docs »
3 Session Management »
3.5 Token-based Session Management »
3.5.2 TODO

3.5.2 TODO¶

Verify the application uses session tokens rather than static API secrets and keys, except with legacy implementations.

Level 1
Level 2	X
Level 3	X

CWE	NIST
798

Next Previous

© Copyright 2019 Wessel van der Linden Revision 63d1bede.

Built with Sphinx using a theme provided by Read the Docs.