Client-side Data Protection
V8.2.1
Verify the application sets sufficient anti-caching headers so that sensitive data is not cached in modern browsers.
Level 1 required: True
Level 2 required: True
Level 3 required: True
CWE: 525
V8.2.2
Verify that data stored in browser storage (such as localStorage, sessionStorage, IndexedDB, or cookies) does not contain sensitive data.
Level 1 required: True
Level 2 required: True
Level 3 required: True
CWE: 922
V8.2.3
Verify that authenticated data is cleared from client storage, such as the browser DOM, after the client or session is terminated.
Level 1 required: True
Level 2 required: True
Level 3 required: True
CWE: 922
Disclaimer:
Credit via OWASP ASVS. For more information, visit The OWASP ASVS Project or its GitHub repository. OWASP ASVS is under the Creative Commons Attribution-Share Alike v3.0 license.