OWASP / ASVS

Application Security Verification Standard
Creative Commons Attribution Share Alike 4.0 International

1.3.2 - Multiple Concurrent Sessions Handling (Documentation) #2101

Open ryarmst opened 1 week ago

ryarmst commented 1 week ago

Starting with the following proposal for documenting the handling of multiple concurrent sessions:

| # | Description | L1 | L2 | L3 |
| --- | --- | --- | --- | --- |
| 1.3.2 | Verify documentation of intended behavior and handling of multiple concurrent (parallel) sessions initiated for the same account or identity including all controls intended to terminate one or multiple active sessions. | | | |

L1 requirement based on 3.8.2, 3.8.5, and 3.8.6.

jmanico commented 1 week ago

Like it! Thank you!

tghosth commented 1 week ago

Slight change

| # | Description | L1 | L2 | L3 |
| --- | --- | --- | --- | --- |
| 1.3.2 | Verify that the application documents the intended behavior and handling of multiple concurrent (parallel) sessions initiated for the same account or identity including all controls intended to terminate one or multiple active sessions. | | | |

Overall I think it sounds good :)