Session Management
  Token protection
  Session Duration
  Idle time Duration
  Guess Session ID format
  Transfer in URL or BODY?
  Is Session Id linked to the IP address?
  Change Referrer tag

Flaws in access control?
  Check for path traversal.
  Client side Caching
  Check header
  Check metatag
  Determine file permissions

Ability to brute force at the discovered access points.
Ability to bypass auth. with spoofed tokens
Ability to conduct replay attack.
Forced browsing: does the application keep a check by tracking requests from each user?
© secguru.com