|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Is logoff feature necessary
From: Alexis FitzGerald (alexis
iol.ie)
Date: Wed May 03 2006 - 06:19:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
In general, if there is a logon button there should be a logoff button. This
should tidy up the server session etc.
Another concern is that if you have had problems persuading the developer to
put in a logoff button, what other security vulnerabilities might be in the
application-especially if it is processing sensitive information or
transactions. Show the developer the OWASP Top Ten and ask if there are
measures in place within the application to protect against these types of
vulnerabilities.
The OWASP Top Ten is at: http://www.owasp.org/documentation/topten.html
regards
Alexis
email: alexisiol.ie
web: www.ritsgroup.com
-------------------------------------------------------------------------
Sponsored by: Watchfire
The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]