Young hacker smiling

Zero false positives

Expert intelligence + effective automation

REQ.028 Allow user logout

This document contains the details of the security requirements related to the definition and management of sessions and session variables in the organization. This requirement establishes the importance of allowing users to terminate the session from any protected resource.


The system must allow users to manually logout from any resource protected by authentication.


  1. OWASP-ASVS v3.1-3.17. Verify that the application tracks all active sessions. And allows users to terminate sessions selectively or globally from their account.

  2. BSSIM9 SM2.6: Require security sign-off.

Service status - Terms of Use