Fluid Attacks logo
Login
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us
GET A DEMO

R028. Allow user logout

This document contains the details of the security requirements related to the definition and management of sessions and session variables in the organization. This requirement establishes the importance of allowing users to terminate the session from any protected resource.

Requirement

The system must allow users to manually logout from any resource protected by authentication.

References

  1. BSSIM9 SM2.6: Require security sign-off.

  2. OWASP-ASVS v3.1-3.17. Verify that the application tracks all active sessions. And allows users to terminate sessions selectively or globally from their account.


Service status - Terms of Use