Skip to content

0x52sec/wstg-session-tester

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
src/wstg_session_tester
src/wstg_session_tester
 
 
tests
tests
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

WSTG Session Tester

Python framework to evaluate session controls aligned with OWASP WSTG 4.6 (schema, cookie attributes, fixation, timeout, CSRF, logout, puzzling, hijacking, JWT, concurrent sessions).

For authorized targets only.

Features (planned)

  • Cookie flags: HttpOnly, Secure, SameSite
  • Session fixation checks
  • Timeout/idle enforcement
  • JWT claim lints (exp/iat/aud/iss, alg)
  • CSRF detector (form + header)
  • Concurrent session policy probes

Dev

python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
pytest -q

CLI

wstg-session-tester --target https://example.local --auth bearer:TOKEN

Legal

Educational use only with explicit authorization.

About

OWASP WSTG-aligned session testing helpers (educational, Python-based).

Topics

python automation session owasp appsec security-testing wstg

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages