Thanks for a nice writeup of this issue. I do think this is worth including
in the OWASP top ten. I'd appreciate people's thoughts on whether this fits
into the "Broken Authentication and Session Management" category
(http://www.owasp.org/documentation/topten/a3.html) or if this should b...