Web Page Caching

Description

Caching improves the user browsing experience by reducing latency, making better use of bandwidth and reducing web server load.
Cacheable web pages can be stored in the client browser as well as in the proxies and gateways that sit on the path between the client and the web server.
When a web page is not available, a web server and/or a web proxy can serve the browser with a cached copy of the page.
Because cached content can contain sensitive data, it has to be protected from unauthorized access. Web applications in particular need to avoid caching confidential information in the user’s browser.

Risk

Caching can cause the following security issues:

  • Unauthorized information disclosure via cached data access
  • Information disclosure via HTTP POST reply
  • Escalation of privileges and user impersonation via cached sessionIDs and cookies
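
One way to check responses for the issues listed above, as an added example that is not part of the original page: a small Python audit of response headers. The function names, finding texts and sample responses are assumptions constructed for illustration, and the caller decides which responses count as sensitive.

```python
# Added example: audit response headers for the caching risks listed above.
# All sample responses below are constructed for illustration.

def parse_cache_control(value):
    """Return {directive: argument or None}, directive names lowercased."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def positive_age(cc, key):
    """True if directive `key` is present with an integer value above zero."""
    arg = cc.get(key)
    return arg is not None and arg.isdigit() and int(arg) > 0

def audit_response(method, headers, sensitive=True):
    """Return findings for one response; headers is a list of (name, value)."""
    merged = {}
    for name, value in headers:
        merged.setdefault(name.lower(), []).append(value)
    cc = parse_cache_control(",".join(merged.get("cache-control", [])))
    no_store = "no-store" in cc  # the only directive that forbids storing a copy
    findings = []
    if sensitive and not no_store:
        findings.append("sensitive response lacks no-store")
    if "set-cookie" in merged and not (no_store or "private" in cc):
        findings.append("Set-Cookie storable by shared caches")
    fresh = positive_age(cc, "max-age") or positive_age(cc, "s-maxage")
    if method.upper() == "POST" and fresh and not no_store:
        findings.append("POST reply has explicit freshness lifetime")
    if sensitive and "public" in cc:
        findings.append("sensitive response marked public")
    return findings

SAMPLES = {  # constructed responses, not captured traffic
    "account_page": ("GET", [("Cache-Control", "max-age=3600"),
                             ("Set-Cookie", "SESSIONID=constructed; HttpOnly")]),
    "transfer_reply": ("POST", [("Cache-Control", "public, max-age=60")]),
    "hardened_page": ("GET", [("Cache-Control", "no-store"),
                              ("Set-Cookie", "SESSIONID=constructed; HttpOnly")]),
}

def audit_samples():
    return {name: audit_response(m, h) for name, (m, h) in SAMPLES.items()}

if __name__ == "__main__":
    for name, findings in audit_samples().items():
        print(name, "->", findings or "ok")
```

The check does not evaluate the Expires header or heuristic freshness, so a clean result only covers the Cache-Control cases shown.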

How to prevent Web Page Caching

Prevent Web Page Caching in ASP.NET
Prevent Web Page Caching in JAVA
Prevent Web Page Caching in PHP
