Gone on too long, P-8 Missing or Insufficient Session Expiration
The OWASP Top 10 Privacy Risks Project identifies the top 10 privacy risks in web applications, the cloud and the global online ecosystem. In September of 2021, version 2 of the project was released. I'm going to work through the list and discuss each risk, with references and mitigation countermeasures, if they exist.
Poorly enforced session termination is a significant privacy risk. Sessions may be reused for authorization to access user data without the user's consent or awareness.
This risk can be mitigated by configuring shorter session expiration periods, implementing a logout function and avoiding "infinite" session timeouts.
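As an added example (my own code, not from the post or from OWASP), a minimal server-side session store in Python that enforces the three countermeasures just listed: an idle timeout, an absolute lifetime so that no session is "infinite", and an explicit logout that invalidates the identifier on the server. The timeout values are assumed policy numbers, not figures from the OWASP project.

```python
import secrets
import time
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before a session dies (assumed policy)
ABSOLUTE_LIFETIME = 8 * 3600  # hard cap on session age regardless of activity (assumed policy)


@dataclass
class Session:
    user_id: str
    created_at: float
    last_seen: float


class SessionStore:
    """Server-side session store with idle and absolute expiration plus explicit logout."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, absolute_lifetime=ABSOLUTE_LIFETIME):
        self.idle_timeout = idle_timeout
        self.absolute_lifetime = absolute_lifetime
        self._sessions = {}

    def create(self, user_id, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # unguessable identifier, never derived from user data
        self._sessions[sid] = Session(user_id, now, now)
        return sid

    def validate(self, sid, now=None):
        """Return the user id for a live session, or None; expired sessions are purged."""
        now = time.time() if now is None else now
        s = self._sessions.get(sid)
        if s is None:
            return None
        too_old = now - s.created_at > self.absolute_lifetime   # absolute cap: no infinite sessions
        idle = now - s.last_seen > self.idle_timeout            # idle cap: abandoned sessions die
        if too_old or idle:
            del self._sessions[sid]
            return None
        s.last_seen = now  # activity extends the idle window, never the absolute lifetime
        return s.user_id

    def logout(self, sid):
        """Server-side invalidation: the identifier is useless even if the cookie survives."""
        return self._sessions.pop(sid, None) is not None

    def logout_all(self, user_id):
        """Revoke every session of one user, e.g. after a password change."""
        doomed = [sid for sid, s in self._sessions.items() if s.user_id == user_id]
        for sid in doomed:
            del self._sessions[sid]
        return len(doomed)
```

Deleting a cookie in the browser is not enough on its own; the server-side `logout` is what makes a leaked identifier stop working.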