JavaRanch » Java Forums » Java » Servlets
a3-Broken Authentication and Session Management

megan smith

Joined: Nov 30, 2009
Posts: 22
The top 3 risk as per OWASP is Broken Authentication and Session Management, even though OWASP is not mentioning Authorization. My question is how much detail your book covers about this topic. The prevention as per OWASP is extensive code review. My question is how viable this is?
Sunny Wear

Joined: Jul 25, 2005
Posts: 17
Hello Megan,
Thank you for your question!

I decided to have the ebook address CSRF and some points on Session Fixation. This is in one of the five chapters. I explain the attack and have an illustration as well as the mitigation techniques, particularly as given by OWASP. There are many variations on Session Mgmt attacks, but the ebook is meant to be a quick hit to address these in the immediate. I also have a chapter on Peer Code Reviews and yes, you are correct, they can be laborious and tedious, but necessary. That's why we can look to some tools, either purchased or free, to help facilitate these efforts.

I believe there really is no substitute for the Peer Code Review process. Having other humans look at your code and provide feedback is invaluable, especially since the tools can sometimes give false positives, or worse, false negatives!

"So this is how liberty dies - to thunderous applause" -- Padme (Star Wars - Episode III)
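The reply above names Session Fixation and CSRF as the attacks the ebook covers, with mitigations "as given by OWASP". As an added illustration for this Servlets forum (example code written for this thread, not taken from the ebook or from any poster), the servlet below shows the two standard mitigations side by side: on successful login the session ID the client arrived with is discarded and a fresh session is issued, and every state-changing POST must carry a per-session synchronizer token. It assumes the `javax.servlet` 3.x API; `authenticate(...)` is a hypothetical credential check standing in for whatever the application really uses.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Login handler demonstrating session-fixation and CSRF (synchronizer token) mitigations. */
public class LoginServlet extends HttpServlet {
    private static final SecureRandom RNG = new SecureRandom();
    public static final String CSRF_ATTR = "csrfToken";      // session attribute holding the token
    public static final String CSRF_PARAM = "csrfToken";     // hidden form field / request parameter

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("username");
        String pass = req.getParameter("password");

        if (!authenticate(user, pass)) {            // hypothetical credential check
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Session fixation mitigation: never let an attacker-chosen (pre-login) session ID
        // become an authenticated one. Copy over attributes worth keeping, invalidate the old
        // session, then let the container issue a brand-new ID.
        HttpSession old = req.getSession(false);
        Map<String, Object> keep = new HashMap<>();
        if (old != null) {
            Enumeration<String> names = old.getAttributeNames();
            while (names.hasMoreElements()) {
                String name = names.nextElement();
                keep.put(name, old.getAttribute(name));
            }
            old.invalidate();
        }
        HttpSession fresh = req.getSession(true);
        keep.forEach(fresh::setAttribute);
        fresh.setAttribute("user", user);

        // CSRF mitigation: one unpredictable token per session. Forms rendered for this user
        // embed it as a hidden field; isValidCsrfToken() checks it on every state-changing POST.
        fresh.setAttribute(CSRF_ATTR, newCsrfToken());

        resp.sendRedirect(req.getContextPath() + "/home");
    }

    /** 32 random bytes from SecureRandom, URL-safe base64 so it can sit in a hidden field. */
    public static String newCsrfToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    /**
     * Compare the submitted token with the one stored in the session. MessageDigest.isEqual
     * is constant-time, so the comparison does not leak how many leading bytes matched.
     */
    public static boolean isValidCsrfToken(HttpSession session, String submitted) {
        if (session == null || submitted == null) {
            return false;
        }
        Object expected = session.getAttribute(CSRF_ATTR);
        if (!(expected instanceof String)) {
            return false;
        }
        byte[] a = ((String) expected).getBytes(StandardCharsets.UTF_8);
        byte[] b = submitted.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(a, b);
    }

    /** Placeholder for the application's real credential check (hypothetical). */
    private boolean authenticate(String user, String pass) {
        return user != null && pass != null && !user.isEmpty() && !pass.isEmpty();
    }
}
```

A servlet that changes state would then start with `if (!isValidCsrfToken(req.getSession(false), req.getParameter(CSRF_PARAM))) { resp.sendError(403); return; }`. On a Servlet 3.1 container, `req.changeSessionId()` achieves the same fixation defence as the invalidate-and-recreate dance while keeping the attributes in place; the longer form above is shown because it also works on older containers.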