OWASP Annotated Application Security Verification Standard
latest
Browse by chapter:
1 Architecture, Design and Threat Modeling
2 Authentication
3 Session Management
3.1 Fundamental Session Management Requirements
3.2 Session Binding Requirements
3.3 Session Logout and Timeout Requirements
3.4 Cookie-based Session Management
3.5 Token-based Session Management
3.6 Re-authentication from a Federation or Assertion
3.7 Defenses Against Session Management Exploits
3.7.1 A valid login session is ensured or re-authentication required before allowing sensitive transactions/modifications
4 Access Control
5 Validation, Sanitization and Encoding
6 Stored Cryptography
7 Error Handling and Logging
8 Data Protection
9 Communications
10 Malicious Code
11 Business Logic
12 Files and Resources
13 API and Web Service
14 Configuration
OWASP Annotated Application Security Verification Standard
Docs
»
3 Session Management
»
3.7 Defenses Against Session Management Exploits
3.7 Defenses Against Session Management Exploits
ΒΆ
Browse by item:
3.7.1 A valid login session is ensured or re-authentication required before allowing sensitive transactions/modifications