Testing for Exposed Session Variables
OWASP Web Security Testing Guide 4.2 > 6. Session Management Testing > 6.4. Testing for Exposed Session Variables
ID | Link to Hackinglife | Link to OWASP | Description |
---|---|---|---|
6.4 | WSTG-SESS-04 | Testing for Exposed Session Variables | - Ensure that proper encryption is implemented (encryption and reuse of session tokens vulnerabilities). - Review the caching configuration. - Assess the security of the channel and methods (is the session ID sent with the GET method?). |
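
The three objectives above can be checked mechanically against a recorded request/response pair. The following is an added example, not code from this page or from the OWASP guide; the session identifier names, the `shop.example` host, the finding labels and the "no-store or no-cache" caching policy are assumptions to adapt to the application under test.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: names the application uses for its session identifier.
SESSION_NAMES = {"sessionid", "phpsessid", "sid"}

def cookie_name_and_attrs(set_cookie_value):
    """Split one Set-Cookie value into (name, {lowercased attribute names})."""
    first, *rest = [p.strip() for p in set_cookie_value.split(";")]
    attrs = {p.split("=", 1)[0].strip().lower() for p in rest if p}
    return first.split("=", 1)[0].strip().lower(), attrs

def audit_exchange(url, response_headers):
    """Return findings for one exchange; response_headers is a list of (name, value)."""
    findings = []
    parts = urlsplit(url)
    query_keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    # Method: an ID in the URL leaks via server logs, browser history and Referer.
    in_url = bool(query_keys & SESSION_NAMES)
    if in_url:
        findings.append("session-id-in-url")
    sets_session = False
    for value in (v for n, v in response_headers if n.lower() == "set-cookie"):
        cookie, attrs = cookie_name_and_attrs(value)
        if cookie in SESSION_NAMES:
            sets_session = True
            if "secure" not in attrs:
                findings.append("session-cookie-missing-secure")
    if in_url or sets_session:
        # Channel: the token must only travel over TLS.
        if parts.scheme != "https":
            findings.append("session-id-over-cleartext")
        # Caching: assumed policy is no-store or no-cache on such responses.
        cc = ",".join(v for n, v in response_headers if n.lower() == "cache-control")
        directives = {d.split("=", 1)[0].strip().lower() for d in cc.split(",")}
        if not directives & {"no-store", "no-cache"}:
            findings.append("session-response-cacheable")
    return findings

# Constructed sample exchanges (not captured from a real site).
WEAK = ("http://shop.example/cart?sessionid=abc123",
        [("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
         ("Cache-Control", "public, max-age=600")])
HARDENED = ("https://shop.example/cart",
            [("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly"),
             ("Cache-Control", "no-store")])

if __name__ == "__main__":
    print(audit_exchange(*WEAK), audit_exchange(*HARDENED))
```

Feed it exchanges exported from an intercepting proxy; a response that neither sets nor receives a session identifier produces no findings.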