Session Management does not need to be complex. Simple session management.

Security Can Be Complicated. Session Management Doesn’t Have To Be.

While performing a manual penetration test recently, I encountered a session management system that flew in the face of almost all the recommended security practices. Rather than use a pre-built implementation associated with a development framework, the developers had written one from scratch that, among other things: Generated session tokens ... Read More