Testing for Session Puzzling
OWASP Web Security Testing Guide 4.2 > 6. Session Management Testing > 6.8. Testing for Session Puzzling
ID | Link to Hackinglife | Link to OWASP | Description |
---|---|---|---|
6.8 | WSTG-SESS-08 | Testing for Session Puzzling | - Identify all session variables. - Break the logical flow of session generation. - Check whether the application uses the same session variable for more than one purpose |