[Owasp-alabama] Last login from in a web app

owasp-alabama at lists.owasp.org
Mon Oct 3 11:02:23 EDT 2011


I agree with Daniel on this.

Unless the requirement for this was included in the business requirements,
it would not be an issue. There are other, much more effective, methods of
accomplishing security objectives.

Hope this helps!


-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP

http://www.owasp.org
--
"Si vis pacem, para bellum"
--


On Mon, Oct 3, 2011 at 9:59 AM, <owasp-alabama at lists.owasp.org> wrote:

>
> On Oct 3, 2011, at 9:55 AM, owasp-alabama at lists.owasp.org wrote:
>
> > "The last login from", Once a user logs in, she/he is not
> > presented with a way to see where-from/when they were last
> > successfully authenticated to the portal.
> >
> > Apart from the reason that it adds more awareness to the portal user
> > on their activity in the portal, is there any official documentation
> > out there or verbiage that will make the business case for developing
> > it? On the admin side of the portal, there is such reporting for the
> > admins.
> >
> > This might be an unusual non-technical question, but thanks in advance... :)
>
>
> I don't necessarily see this as a 'finding' or something that falls into
> any 'vulnerability class'.
> This sounds like an opinion / recommendation that you may want to pass back
> on to a developer but I wouldn't put something like this in an app
> assessment report finding.
>
> I would argue more over the merits of 2 or 3 factor auth and CSRF or
> something that falls into a vulnerability class.
>
> | Daniel Uriah Clemens
> | Packetninjas L.L.C | | http://www.packetninjas.net
> | c. 205.567.6850      | | o. 866.267.8851
> "Moments of sorrow are moments of sobriety"