[OWASP-TESTING] Testing Guide structure and documents to do

Eoin Keary eoinkeary at hotmail.com
Thu Mar 23 10:55:16 EST 2006


Thanks Javier

>From: Javier Fernandez-Sanguino <jfernandez at germinus.com>
>To: Glyn Geoghegan <glyng at moiler.com>
>CC: Eoin <eoinkeary at gmail.com>, owasp-testing at lists.sourceforge.net
>Subject: Re: [OWASP-TESTING] Testing Guide structure and documents to do
>Date: Thu, 23 Mar 2006 16:26:53 +0100
>
>Glyn Geoghegan wrote:
>>A lot of the session related stuff is in the doc I sent you a few days
>>back, but it does need fresh eyes and some updates.
>
>I'm willing to review that part as I've done extensive application review 
>recently and we devoted some time to define how to test for proper session 
>management.
>
>Eoin, please notice that maybe the following should be included as 
>'Completed' (or maybe pending review)
>
>Authentication
>[ ... ]
>·	Session token transport security and reuse of session tokens from HTTP to HTTPS [ ]
>·	Session hijacking [ ]
>·	Session replay [ ]
>·	Session manipulation [ ]
>·	Inactivity timeout [ ]
>·	Activity timeout [ ]
>·	Expiration at logoff [ ]
>·	Session token expiry [ ]
>
>
>Regards
>
>Javier
>
>
