[PHP] About OWASP Application Security Verification Standards
- Date: Thu, 7 Apr 2016 13:29:41 +0300
- From: Tolga <kacmaztolga@xxxxxxxxx>
- Subject: [PHP] About OWASP Application Security Verification Standards
I'm wondering how many of you are taking these standards into consideration. It seems a nice guideline, but some of the requirements seem non-important to me. Are all of these really fatal?
And I have some questions about some of the requirements here:
- Verify that sessions timeout after an administratively-configurable maximum time period regardless of activity (an absolute timeout). (Why?)
- Verify that the application limits the number of active concurrent sessions. (Why and how?)
- Verify that all successful authentication and re-authentication generates a new session and session id. (I believe the PHP server is handling that.)
- Verify that session ids are sufficiently long, random and unique across the correct active session base. (Are PHP's default session ids enough for this?)
Thanks
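
Two of the session requirements quoted in the message above, shown for PHP as an added example (not part of the original message or of any reply on the list): an absolute timeout that ignores activity, and a new session id on every successful authentication. The constant `ABSOLUTE_TIMEOUT`, the session keys `created_at` and `user_id`, and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed policy value (hypothetical): absolute session lifetime in seconds.
const ABSOLUTE_TIMEOUT = 8 * 3600;

// True when the session has outlived the absolute limit, however recently
// it was used. Activity does not extend 'created_at'.
function session_is_expired(array $session, int $now, int $limit = ABSOLUTE_TIMEOUT): bool
{
    // A missing or malformed creation time is treated as expired.
    if (!isset($session['created_at']) || !is_int($session['created_at'])) {
        return true;
    }
    return ($now - $session['created_at']) >= $limit;
}

// Call at the top of every request in place of a bare session_start().
function start_checked_session(): void
{
    // Refuse session ids that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_start();

    if (!isset($_SESSION['created_at'])) {
        // First request of this session: record when it began.
        $_SESSION['created_at'] = time();
    } elseif (session_is_expired($_SESSION, time())) {
        // Past the absolute limit: drop the data and retire the old id.
        $_SESSION = [];
        session_regenerate_id(true);
        $_SESSION['created_at'] = time();
    }
}

// Call once credentials have been verified (login or re-authentication).
// session_start() alone keeps the id the browser sent, so the application
// has to request the new one.
function on_authenticated(string $userId): void
{
    session_regenerate_id(true);       // new id; the old session is deleted
    $_SESSION['user_id'] = $userId;
    $_SESSION['created_at'] = time();  // absolute timeout runs from login
}
```

Regenerating the id at login means an id an attacker planted or observed before authentication is no longer valid afterwards, and the absolute timeout bounds how long a stolen id stays usable even if it is kept active.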