Tool to Test
Open Source Software: Burp Suite, OWASP ZAP.
Browser Add-Ons: Cookie Editor, Tamper Data.
OWASP lists “Broken Authentication and Session Management” as the second most exploited vulnerability and suggests testing your application for weak session management. Session management is the process of tracking the user’s activity, in the form of cookies, across the user’s interactions with the system or web application.
When developing an application with secure session management, cookie management plays a vital role. It requires an understanding of cookie details such as attributes (Secure flag, connection type, session expiration time, etc.) and unique values (session ID), as well as of how attackers exploit weak session management vulnerabilities.
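The cookie details listed above can be checked directly on the `Set-Cookie` headers an application returns. The following is an added example, not code from the original article: the cookie name, sample values and the two policy thresholds are assumptions, and the HttpOnly check is included as one of the attributes covered by "etc.".

```python
from http.cookies import SimpleCookie

# Constructed sample data: Set-Cookie values from three logins to a
# hypothetical application (cookie name and values are made up).
SAMPLE_HEADERS = [
    "SESSIONID=1001; Path=/; Max-Age=31536000",
    "SESSIONID=1002; Path=/; Max-Age=31536000",
    "SESSIONID=9f2c4e7a1b3d5f60718293a4b5c6d7e8; Path=/; Secure; HttpOnly; Max-Age=900",
]

MAX_LIFETIME = 3600  # assumed policy: session lifetime of at most one hour
MIN_ID_LENGTH = 16   # assumed policy: minimum session ID length


def parse(header):
    """Parse one Set-Cookie value and return its (name, morsel) pair."""
    jar = SimpleCookie()
    jar.load(header)
    return next(iter(jar.items()))


def audit_cookie(header):
    """Return the attribute weaknesses found in one Set-Cookie value."""
    name, morsel = parse(header)
    findings = []
    if not morsel["secure"]:
        findings.append("Secure flag missing")
    if not morsel["httponly"]:
        findings.append("HttpOnly flag missing")
    max_age = morsel["max-age"]
    if max_age.isdigit() and int(max_age) > MAX_LIFETIME:
        findings.append("lifetime exceeds policy")
    if len(morsel.value) < MIN_ID_LENGTH:
        findings.append("session ID too short")
    return findings


def predictable_ids(headers):
    """True if IDs repeat, or are numeric and increase by one per login."""
    ids = [parse(h)[1].value for h in headers]
    if len(set(ids)) < len(ids):
        return True
    if len(ids) > 1 and all(i.isdigit() for i in ids):
        nums = [int(i) for i in ids]
        return all(b - a == 1 for a, b in zip(nums, nums[1:]))
    return False


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(h.split(";")[0], "->", audit_cookie(h) or "ok")
    print("predictable:", predictable_ids(SAMPLE_HEADERS[:2]))
```
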
Test Approach
Market / Business Impacts
Do’s and Don’ts