The system must encrypt and verify client-side session information (ViewState).
ViewState contains information about the state of the user interface and controls on a web page. If left unverified, an attacker could tamper the ViewState data. If ViewState is not properly protected, it could be a target for attackers attempting session hijacking.
This requirement is verified in following services
Plan | Supported |
---|---|
Essential | 🔴 |
Advanced | 🟢 |