Session Timeout from ASVS framework

SAMMY works best on screens 1024px wide or larger.

Encoding and Sanitization
Validation and Business Logic
Web Frontend Security
API and Web Service
File Handling
Authentication
Session Management
Authorization
Self-contained Tokens
- Token source and integrity
- Token content
OAuth and OIDC
Cryptography
Secure Communication
Configuration
Data Protection
Secure Coding and Architecture
Security Logging and Error Handling
WebRTC
- TURN Server
- Media
- Media

V7.3.1

V7.3.1: Verify that there is an inactivity timeout such that re-authentication is enforced according to risk analysis and documented security decisions.

Verify that there is an inactivity timeout such that re-authentication is enforced according to risk analysis and documented security decisions.

Description

Verify that there is an inactivity timeout such that re-authentication is enforced according to risk analysis and documented security decisions.

V7.3.2

V7.3.2: Verify that there is an absolute maximum session lifetime such that re-authentication is enforced according to risk analysis and documented security decisions.

Verify that there is an absolute maximum session lifetime such that re-authentication is enforced according to risk analysis and documented security decisions.

Description

Verify that there is an absolute maximum session lifetime such that re-authentication is enforced according to risk analysis and documented security decisions.