Young hacker smiling

We hack your software

zero false positives

Expert intelligence + Specialized technology
DXST - SAST - IAST - SCA - DevSecOps
White Box - Gray Box - Black Box
Attacking Web Applications, APIs, Mobile Apps
Client-Server, Servers, Networks, IoT Devices
ICS: Industrial Control System

REQ.028 Allow user logout

This document contains the details of the security requirements related to the definition and management of sessions and session variables in the organization. This requirement establishes the importance of allowing users to terminate the session from any protected resource.

Requirement

The system must allow users to manually logout from any resource protected by authentication.

References

  1. OWASP-ASVS v3.1-3.17. Verify that the application tracks all active sessions. And allows users to terminate sessions selectively or globally from their account.


Service status - Terms of Use