[Owasp-topten] Session Fixation in Identity Manager (IdM) based Single Sign-On (SSO) Environments
vanderaj at owasp.org
Tue Jul 17 07:07:29 UTC 2012
Make sure you look at this issue as well in the session management update
in the Top 10:
*Session puzzling and session race conditions*
Session puzzling has not got anywhere near the awareness, traction, nor
testing that is required, and yet is so simple to do once *understood*,
practiced, and learnt. I've seen it recently, but it does require a certain
application architecture and mis-implementation, which many IdM and SSO
implementations seem to do.
Is it very common? No, but it's easy enough to mention, like we do for