Tag: OWASP 2010 A3 – Broken Authentication and Session Management
-
OWASP A3 – Broken Authentication and Session Management Defenses with PHP Part 5
We are finishing up OWASP A3 today. Yay! I haven’t decided which section I will cover next, probably something fun like XSS or SQLi mitigations. Picking up where we left off, we are at ASVS 2.7… ASVS 2.7 Requirement: Verify that the strength of any authentication credentials are sufficient to withstand attacks that are typical…
-
OWASP A3 – Broken Authentication and Session Management Defenses with PHP Part 4
This week we will cover the authentication portion of OWASP A3. I’m not following any particular order, just going in the direction I feel like. So if it seems out of order, it probably is. This section will begin covering ASVS 2.x. ASVS 2.1 Requirement: Verify that all pages and resources require authentication except those…
-
OWASP A3 – Broken Authentication and Session Management Defenses with PHP Part 3
I took last week off due to the holiday and whatnot. So this week we will pick back up where we left off, and hopefully continue adding a post a week. Two weeks ago we stopped at ASVS 3.9; this week we will start with ASVS 3.10 and finish up ASVS section 3. ASVS…
-
OWASP A3 – Broken Authentication and Session Management Defenses with PHP Part 2
We covered OWASP ASVS 3.1, 3.2, and 3.3 in our previous post. I will continue where we left off, beginning this week’s post with ASVS 3.4. ASVS 3.4 Requirement: Verify that sessions timeout after an administratively-configurable maximum time period regardless of activity (an absolute timeout). I am not sure that this is a security requirement…
-
Inaugural Post: OWASP A3 – Broken Authentication and Session Management Defenses with PHP Part 1
I have finally gotten around to starting a blog, and this will be my first post in what is hopefully a long-running series of useful secure development posts. Given that I am in the business of application security, specifically web applications, I have decided to do a series on OWASP protections. I will try…