[Owasp-singapore] Web Application Security

spawn of soul calibur ruel555 at hotmail.com
Wed Jun 17 23:06:08 EDT 2009


Hi Guys,

Just need your opinion/feedback or comment. We have implemented a "not so" sensitive web-based application to use for our Reward program. It's an SaaS. The issues that I have uncovered are that it does not follow our password policy and that the logon credential is stored in the cookie, meaning a user can log in by just clicking on the "back" and "forward" buttons of the browser.

The business has provided a risk acceptance, but I am not sure how to respond to this. Any opinion/suggestion/feedback/comment?

Regards,
Ruel