OWASP Testing Guide

Session Management Testing

4.6.1 Testing for Session Management Schema

4.6.2 Testing for Cookies Attributes

4.6.3 Testing for Session Fixation

4.6.4 Testing for Exposed Session Variables

4.6.5 Testing for Cross Site Request Forgery

4.6.6 Testing for Logout Functionality

4.6.7 Testing Session Timeout

4.6.8 Testing for Session Puzzling

4.6.9 Testing for Session Hijacking

4.6.10 Testing JSON Web Tokens

PreviousTesting for OAuth Weaknesses (WSTG-ATHZ-05)NextTesting for Session Management Schema (WSTG-SESS-01)

Last updated 2 years ago