V3.2 — Session Binding
Session Binding: 4 L3 requirement(s).

- V3.2.1: Verify the application generates a new session token on user authentication. (C6)
- V3.2.2: Verify that session tokens possess at least 64 bits of entropy. (C6)
- V3.2.3: Verify the application only stores session tokens in the browser using secure methods such as appropriately secured cook...
- ... and 1 more.

| Property | Value |
|---|---|
| Section | V3.2 |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-AUTH-02 | JWT Bearer Token Session Management |

Source: OWASP Application Security Verification Standard 4.0.3