[Owasp-alabama] Last login from in a web app

owasp-alabama at lists.owasp.org owasp-alabama at lists.owasp.org
Mon Oct 3 10:59:16 EDT 2011


On Oct 3, 2011, at 9:55 AM, owasp-alabama at lists.owasp.org wrote:

> "The last login from": once a user logs in, she/he is not
> presented with a way to see where-from/when they were last
> successfully authenticated to the portal.
> 
> Apart from the reason that it adds more awareness to the portal user
> on their activity in the portal, is there any official documentation
> out there or verbiage that will make the business case for developing
> it? On the admin side of the portal, there is such reporting for the
> admins.
> 
> This might be an unusual non-technical question, but thanks in advance... :)


I don't necessarily see this as a 'finding' or something that falls into any 'vulnerability class'.
This sounds like an opinion / recommendation that you may want to pass back on to a developer, but I wouldn't
put something like this in an app assessment report finding.

I would argue more over the merits of 2 or 3 factor auth and CSRF or something that falls into a vulnerability class. 

| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850      | | o. 866.267.8851 
"Moments of sorrow are moments of sobriety"