[Owasp-singapore] Web Application Security
spawn of soul calibur
ruel555 at hotmail.com
Wed Jun 17 23:06:08 EDT 2009
Just need your opinion/feedback or comment. We have implemented a "not so" sensitive web-based application to use for our Reward program. It's a SaaS. The issues that I have uncovered are that it does not follow our password policy and that the logon credential is stored in the cookie, meaning a user can log in by just clicking on the "back" and "forward" buttons of the browser.
The business has provided a risk acceptance, but I am not sure how to respond to this. Any opinion/suggestion/feedback/comment?