[Owasp-singapore] Web Application Security

spawn of soul calibur ruel555 at hotmail.com
Wed Jun 17 23:06:08 EDT 2009

Hi Guys,


Just need your opinion/feedback or comment. We have implemented a "not so" sensitive web-based application to use for our Reward program. It's a SaaS. The issues that I have uncovered are that it does not follow our password policy and that the logon credential is stored in the cookie, meaning a user can log in by just clicking on the "back" and "forward" buttons of the browser.


The business has provided a risk acceptance, but I am not sure how to respond to this. Any opinion/suggestion/feedback/comment?




