Verify the application generates a new session token on user authentication. (C6)
Level 1 required: True
Level 2 required: True
Level 3 required: True
CWE: 384
Verify that session tokens possess at least 64 bits of entropy. (C6)
Level 1 required: True
Level 2 required: True
Level 3 required: True
CWE: 331
Verify the application only stores session tokens in the browser using secure methods such as appropriately secured cookies (see section 3.4) or HTML 5 session storage.
Level 1 required: True
Level 2 required: True
Level 3 required: True
CWE: 539
Verify that session tokens are generated using approved cryptographic algorithms. (C6)
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 331
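The following sketch is an added example, not part of OWASP ASVS or any project's code. It shows the first, second and fourth requirements together: a token drawn from the operating system's CSPRNG with well over 64 bits of entropy, and a new token issued on authentication so the pre-login value stops working. `SessionStore`, `password_ok`, and the cookie name `__Host-session` are hypothetical names chosen for illustration.

```python
import secrets

TOKEN_BYTES = 16  # 128 bits from the OS CSPRNG, above the 64-bit minimum


class SessionStore:
    """In-memory session table (hypothetical stand-in for a real backend)."""

    def __init__(self):
        self._sessions = {}  # token -> session data

    def _new_token(self):
        # secrets uses the operating system's CSPRNG, unlike the random module.
        return secrets.token_urlsafe(TOKEN_BYTES)

    def start_anonymous(self):
        """Create a pre-login session and return its token."""
        token = self._new_token()
        self._sessions[token] = {"user": None}
        return token

    def authenticate(self, presented_token, user, password_ok):
        """Issue a fresh token on login; never promote the presented one.

        password_ok is an assumed flag standing in for credential checking.
        """
        if not password_ok:
            return None
        # Invalidate the pre-login token so a value fixed or observed before
        # authentication (CWE-384) is useless afterwards.
        self._sessions.pop(presented_token, None)
        token = self._new_token()
        self._sessions[token] = {"user": user}  # start from clean state
        return token

    def lookup(self, token):
        """Return the session data for a token, or None if it is not valid."""
        return self._sessions.get(token)


def cookie_header(token):
    """Build a Set-Cookie header that keeps the token out of script and plaintext."""
    # The __Host- prefix requires Secure, Path=/ and no Domain attribute.
    return (f"Set-Cookie: __Host-session={token}; "
            "Path=/; Secure; HttpOnly; SameSite=Lax")
```
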
Credit via OWASP ASVS. For more information, visit the OWASP ASVS Project or GitHub repository. OWASP ASVS is under the Creative Commons Attribution-Share Alike v3.0 license.