V3.5 — Token-based Session Management
Token-based Session Management: 3 L3 requirement(s).

V3.5.1: Verify the application allows users to revoke OAuth tokens that form trust relationships with linked applications.

V3.5.2: Verify the application uses session tokens rather than static API secrets and keys, except with legacy implementations.

V3.5.3: Verify that stateless session tokens use digital signatures, encryption, and other countermeasures to protect against ta...

| Property | Value |
|---|---|
| Section | V3.5 |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-AUTH-02 | JWT Bearer Token Session Management |
Source: OWASP Application Security Verification Standard 4.0.3