Tag: ASVS 3.8
OWASP A3 – Broken Authentication and Session Management Defenses with PHP Part 2
We covered OWASP ASVS 3.1, 3.2, and 3.3 in our previous post. I will continue where we left off, beginning this week’s post with ASVS 3.4. ASVS 3.4 Requirement: Verify that sessions timeout after an administratively-configurable maximum time period regardless of activity (an absolute timeout). I am not sure that this is a security requirement…