[OWASP-TESTING] Testing Guide structure and documents to do

Eoin Keary eoinkeary at hotmail.com
Thu Mar 23 10:55:16 EST 2006

Thanks Javier

>From: Javier Fernandez-Sanguino <jfernandez at germinus.com>
>To: Glyn Geoghegan <glyng at moiler.com>
>CC: Eoin <eoinkeary at gmail.com>, owasp-testing at lists.sourceforge.net
>Subject: Re: [OWASP-TESTING] Testing Guide structure and documents to do
>Date: Thu, 23 Mar 2006 16:26:53 +0100
>Glyn Geoghegan wrote:
>>A lot of the session related stuff is in the doc I sent you a few days
>>back, but it does need fresh eyes and some updates.
>I'm willing to review that part as I've done extensive application review 
>recently and we devoted some time to define how to test for proper session 
>Eoin, please notice that maybe the following should be included as 
>'Completed' (or maybe pending review)
>[ ... ]
>·	Session token transport security and reuse of session tokens from HTTP to 
>·	Session hijacking [ ]
>·	Session replay [ ]
>·	Session manipulation [ ]
>·	Inactivity timeout [ ]
>·	Activity timeout [ ]
>·	Expiration at logoff [ ]
>·	Session token expiry [ ]
