OWASP / wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
https://owasp.org/www-project-web-security-testing-guide/
Creative Commons Attribution Share Alike 4.0 International

Adding "Test for Simultaneous sessions" in Session Management Testing #1110

Closed 0xmaximus closed 5 months ago

0xmaximus commented 7 months ago

What's the issue? The Session Management Testing section does not mention that a secure application should verify the number of active sessions for each correct username and password. For example, in a high-risk admin panel containing extensive Personally Identifiable Information (PII) data, it is crucial to effectively manage active sessions.

How do we solve it? I want to add a test case or a general guideline for this section.

Would you like to be assigned to this issue?
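The check proposed above, enforcing a cap on live sessions per username and then verifying it the way a tester would (log in repeatedly with the same valid credentials and count how many of the issued tokens still work), as an added example that is not part of the issue and not WSTG or OWASP code. The class and function names (SessionStore, login, validate, audit_active_sessions), the two overflow policies and the in-memory store are all assumptions chosen for illustration; it uses only the Python standard library and runs offline.

```python
"""Added example (not WSTG code): per-user concurrent session limit, plus the
tester's check for it. All names and policies here are assumptions."""
import secrets
import time
from collections import OrderedDict


class SessionStore:
    """In-memory session store that caps active sessions per username.

    policy="evict_oldest": a login beyond the cap invalidates the oldest live
        session for that user (typical for consumer applications).
    policy="reject": a login beyond the cap is refused until a session ends
        (stricter; suits a high-risk admin panel holding PII).
    """

    def __init__(self, max_sessions=2, idle_timeout=900, policy="evict_oldest"):
        if policy not in ("evict_oldest", "reject"):
            raise ValueError("unknown policy")
        self.max_sessions = max_sessions
        self.idle_timeout = idle_timeout  # seconds of inactivity before expiry
        self.policy = policy
        # token -> {"user": str, "created": float, "last_seen": float}
        # OrderedDict keeps insertion order, so the oldest session comes first.
        self._sessions = OrderedDict()

    def _expire_idle(self, now):
        stale = [t for t, s in self._sessions.items()
                 if now - s["last_seen"] > self.idle_timeout]
        for t in stale:
            del self._sessions[t]

    def active_sessions(self, username, now=None):
        """Tokens currently valid for username, oldest first."""
        now = time.time() if now is None else now
        self._expire_idle(now)
        return [t for t, s in self._sessions.items() if s["user"] == username]

    def login(self, username, now=None):
        """Create a session after (assumed) successful authentication.

        Returns the new token, or None when policy="reject" and the user
        already holds max_sessions live sessions.
        """
        now = time.time() if now is None else now
        live = self.active_sessions(username, now)
        if len(live) >= self.max_sessions:
            if self.policy == "reject":
                return None
            # Evict the oldest sessions so the new one fits within the cap.
            for t in live[: len(live) - self.max_sessions + 1]:
                del self._sessions[t]
        token = secrets.token_urlsafe(32)  # 256 bits of entropy
        self._sessions[token] = {"user": username, "created": now, "last_seen": now}
        return token

    def validate(self, token, now=None):
        """Return the username for a live token (refreshing its idle timer), else None."""
        now = time.time() if now is None else now
        self._expire_idle(now)
        s = self._sessions.get(token)
        if s is None:
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, token):
        self._sessions.pop(token, None)


def audit_active_sessions(store, username, attempts, now=0.0):
    """Tester's check: log in `attempts` times with the same valid credentials,
    then count how many of the issued tokens still validate.

    A missing or broken limit shows up as every issued token remaining valid.
    Returns (tokens_issued, tokens_still_valid).
    """
    tokens = []
    for i in range(attempts):
        t = store.login(username, now=now + i)  # one login per second
        if t is not None:
            tokens.append(t)
    still_valid = [t for t in tokens
                   if store.validate(t, now=now + attempts) == username]
    return len(tokens), len(still_valid)


if __name__ == "__main__":
    for policy in ("evict_oldest", "reject"):
        issued, valid = audit_active_sessions(
            SessionStore(max_sessions=2, policy=policy), "admin", attempts=5)
        print(f"{policy}: issued={issued} still_valid={valid} (cap 2)")
    issued, valid = audit_active_sessions(SessionStore(max_sessions=1000), "admin", 5)
    print(f"no effective cap: issued={issued} still_valid={valid}")
```

The audit reports a finding when `tokens_still_valid` exceeds the limit the application claims to enforce; with no limit at all, every token issued stays valid. The `reject` policy is the one to recommend for the admin-panel case the issue describes, since it never silently logs out an operator mid-task and makes an unexpected second login visible to the legitimate user.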

0xmaximus commented 7 months ago

@kingthorin

kingthorin commented 7 months ago

Seems reasonable to me. Go for it.