[Owasp-alabama] Last login from in a web app

Mon Oct 3 10:55:01 EDT 2011

Hey there

While wrapping up a web application assessment [portal with sensitive
PII/PHI] for my employer, I am all of a sudden stuck on producing
text for reasons/arguments to augment one of the recommendations in
the report: "The last login from". Once a user logs in, she/he is not
presented with a way to see where-from/when they were last
successfully authenticated to the portal.

Apart from the reason that it adds more awareness to the portal user
on their activity in the portal, is there any official documentation
out there or verbiage that will make the business case for developing
it? On the admin side of the portal, there is such reporting for the

This might be an unusual non-technical question, but thanks in advance... :)


