Home > taxonomy > asvs 4.0.3 > 03 session management > 01 fundamental session management security
Verify the application never reveals session tokens in URL parameters.
Level 1 required: True
Level 2 required: True
Level 3 required: True
CWE: 598
Credit via OWASP ASVS. For more information visit The OWASP ASVS Project or Github respository.. OWASP ASVS is under the Creative Commons Attribution-Share Alike v3.0 license.
