Session Management Most Common Error
Attackers can take advantage of poorly implemented session management to pass themselves off as valid website users. Session management vulnerabilities were detected in 80 percent of applications tested in 2012, more than any other application vulnerability class, according to Cenzic. Software security experts at the Open Web Application Security Project (OWASP) say that using an application framework with built-in session management capabilities is key to developing an application that keeps each user's actions within a unique session. The group discourages developers from implementing their own session management.