Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

1.4 Authenticated session can be manipulated externally #304

Open
mohamednizar opened this issue Dec 2, 2020 · 0 comments
Open

1.4 Authenticated session can be manipulated externally #304

mohamednizar opened this issue Dec 2, 2020 · 0 comments
Milestone
Resolve Pen Test ...

Comments

@mohamednizar
Copy link
Member

  1. Check the purpose of "/session" route.
  2. If this route is not required for operations, alter the application to remove the routes associated with that or block access to this endpoint from "proxy".
  3. If this route is required for operations, check the possibility of limiting access to browsers.
mohamednizar pushed a commit that referenced this issue Dec 2, 2020
disable session endpoit #304
78f108b
@mohamednizar mohamednizar mentioned this issue Dec 2, 2020
Merged
mohamednizar pushed a commit that referenced this issue Dec 2, 2020
disable session endpoint #304
509b947
mohamednizar pushed a commit that referenced this issue Jan 5, 2021
disable session endpoint #304
8621615
@mohamednizar mohamednizar mentioned this issue Jan 5, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Resolve Pen Test suggesions
Development

No branches or pull requests
1 participant
@mohamednizar