Verify the application sets sufficient anti-caching headers so that sensitive data is not cached in modern browsers.
Level 1 required: True
Level 2 required: True
Level 3 required: True
CWE: 525
Verify that data stored in browser storage (such as localStorage, sessionStorage, IndexedDB, or cookies) does not contain sensitive data.
Level 1 required: True
Level 2 required: True
Level 3 required: True
CWE: 922
Verify that authenticated data is cleared from client storage, such as the browser DOM, after the client or session is terminated.
Level 1 required: True
Level 2 required: True
Level 3 required: True
CWE: 922
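A check for the first requirement above (anti-caching headers, CWE 525), as an added example that is not part of OWASP ASVS. It assumes "sufficient" means the response carries `Cache-Control: no-store`; the function names and sample headers are constructed for illustration.

```javascript
// Added example (not from OWASP ASVS): audit response headers on a
// sensitive page. Assumption: Cache-Control: no-store is the directive
// that keeps the response out of browser caches.

// Parse a Cache-Control value into a Map of lowercased directive -> argument.
function parseCacheControl(value) {
  const directives = new Map();
  for (const part of String(value || "").split(",")) {
    const [name, ...rest] = part.trim().split("=");
    if (name) directives.set(name.toLowerCase(), rest.join("="));
  }
  return directives;
}

// Return a list of findings; an empty list means the check passed.
function auditCachingHeaders(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const findings = [];
  if (!("cache-control" in h)) {
    findings.push("missing Cache-Control: browser may cache heuristically");
    return findings;
  }
  const cc = parseCacheControl(h["cache-control"]);
  if (cc.has("no-store")) return findings;

  findings.push("Cache-Control lacks no-store");
  if (cc.has("public")) findings.push("public lets shared caches store the response");
  if (cc.has("no-cache")) findings.push("no-cache forces revalidation but still stores the response");
  if (Number(cc.get("max-age")) > 0) findings.push("max-age > 0 serves the response from cache");
  return findings;
}

// Constructed sample responses for a page that shows account data.
const samples = [
  { "Cache-Control": "no-store" },
  { "Cache-Control": "no-cache, private" },
  { "Cache-Control": "public, max-age=3600" },
  {},
];
for (const s of samples) console.log(JSON.stringify(s), "->", auditCachingHeaders(s));
```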
Credit via OWASP ASVS. For more information visit The OWASP ASVS Project or GitHub repository. OWASP ASVS is under the Creative Commons Attribution-Share Alike v3.0 license.