Session Handling
by Mark Neve
1. Open Web Application Security Project (OWASP)
1.1. Application Security Verification Standard 4.0.3 (ASVS)
1.1.1. V3.1 Fundamental Session Management Security
1.1.2. V3.2 Session Binding
1.1.3. V3.3 Session Termination
1.1.4. V3.4 Cookie-based Session Management
1.1.5. V8.2 Client-side Data Protection
1.2. Mobile Application Security Verification Standard (MASVS)
1.2.1. 4.4 MSTG-AUTH-4
1.2.2. 4.7 MSTG-AUTH-7
1.2.3. 4.1 MSTG-AUTH-11
2. UK National Cyber Security Centre (NCSC)
2.1. Application development Recommendations
2.1.1. Secure data handling Session handling
3. Apple
3.1. Developer Security
3.1.1. Authorization and Authentication Sessions Overview