WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is logoff feature necessary

From: "Alexis FitzGerald" <alexis () iol ie>
Date: Wed, 3 May 2006 12:19:01 +0100
Hi,

In general, if there is a logon button there should be a logoff button. This
should tidy up the server session etc.

Another concern is that if you have had problems persuading the developer to
put in a logoff button, what other security vulnerabilities might be in the
application-especially if it is processing sensitive information or
transactions. Show the developer the OWASP Top Ten and ask if there are
measures in place within the application to protect against these types of
vulnerabilities.

The OWASP Top Ten is at:  http://www.owasp.org/documentation/topten.html

regards

Alexis

email: alexis () iol ie
web: www.ritsgroup.com



-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online 
despite security executives' efforts to prevent malicious attacks. This 
whitepaper identifies the most common methods of attacks that we have seen, 
and outlines a guideline for developing secure web applications. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: