Insufficient Session Timeout


Description

The application does not timeout inactive sessions within an appropriate amount of time. Once an individual session is established, it remains active for an extended period of time. This allows user sessions to remain valid longer than necessary leaving them open to attacks.

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 

Subscribe here in order to gain access to the AppSec Findings Database

 

Leave a Reply