|
Web Application Security
Is logoff feature necessary May 02 2006 07:41AM test future gmail com (14 replies) Re: Is logoff feature necessary May 02 2006 08:06PM Robert Hajime Lanning (robert lanning gmail com) RE: Is logoff feature necessary May 02 2006 12:40PM Rod Divilbiss (rod rodsdot com) (1 replies) RE: Is logoff feature necessary May 03 2006 10:59AM Auri Rahimzadeh (auri auri net) (2 replies) Administrivia: Is logoff feature necessary May 03 2006 12:53PM Andrew van der Stock (vanderaj greebo net) Re: Is logoff feature necessary May 02 2006 09:32AM Luciano Miguel Ferreira Rocha (strange nsk no-ip org) |
|
|
Privacy Statement |
In general, if there is a logon button there should be a logoff button. This
should tidy up the server session etc.
Another concern is that if you have had problems persuading the developer to
put in a logoff button, what other security vulnerabilities might be in the
application-especially if it is processing sensitive information or
transactions. Show the developer the OWASP Top Ten and ask if there are
measures in place within the application to protect against these types of
vulnerabilities.
The OWASP Top Ten is at: http://www.owasp.org/documentation/topten.html
regards
Alexis
email: alexis (at) iol (dot) ie [email concealed]
web: www.ritsgroup.com
------------------------------------------------------------------------
-
Sponsored by: Watchfire
The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
------------------------------------------------------------------------
--
[ reply ]