
Session Hijacking Tarun Lall.


1 Session Hijacking Tarun Lall

2 What is Session Hijacking
TCP Connection Takeover
Takeover of a Web Application Session

3 State Management
HTTP is Stateless
Web Applications need state
User Logins
Shopping Carts

4 State Management, Cont'd
Client Side
Server Side
Golden Rule of Web Application Security
Cookies and Hidden Fields

5 Reasons for Session Hijacking
No Standards for Maintaining State
Session Tracking and State Information at Client

6 How to Prevent Session Hijacking
Session Identifiers Should Be Unique
Session Identifiers Should Not Be Guessable
Session Identifiers Should Be Independent
Session Identifiers Should Be Mapped with Client-Side Connections
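The four properties on this slide, together with the server-side state rule from slide 4, are easiest to see in a small server-side session store. The following Python example is added here and is not code from the slides or from the referenced book; the class name, the idle timeout and the choice of client IP plus User-Agent as the connection fingerprint are assumptions made for the example. All session state (user id, cart, ...) stays on the server, and the client only ever holds an opaque random identifier.

```python
import hashlib
import hmac
import secrets
import time

SESSION_ID_BYTES = 32   # 256 random bits from the OS CSPRNG (assumed size)
SESSION_TTL = 15 * 60   # idle timeout in seconds (assumed value)


class SessionStore:
    """Server-side session store (hypothetical, for illustration).

    Unique / not guessable: identifiers come from secrets.token_urlsafe.
    Independent: the identifier encodes no user id, counter or timestamp.
    Mapped to the client connection: a fingerprint of the connection that
    created the session must match on every later use.
    """

    def __init__(self):
        self._sessions = {}  # session id -> dict of server-side state

    @staticmethod
    def _fingerprint(client_ip, user_agent):
        # Hash of the connection properties the session was issued to.
        return hashlib.sha256(f"{client_ip}|{user_agent}".encode()).hexdigest()

    def create(self, user_id, client_ip, user_agent, now=None):
        now = time.time() if now is None else now
        # 256 bits of CSPRNG output: unique in practice and not guessable.
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self._sessions[sid] = {
            "user_id": user_id,
            "fingerprint": self._fingerprint(client_ip, user_agent),
            "last_seen": now,
        }
        return sid

    def lookup(self, sid, client_ip, user_agent, now=None):
        """Return the user id for a valid session, or None."""
        now = time.time() if now is None else now
        data = self._sessions.get(sid)
        if data is None:
            return None
        if now - data["last_seen"] > SESSION_TTL:
            # Idle too long: drop it so an old identifier cannot be replayed.
            del self._sessions[sid]
            return None
        presented = self._fingerprint(client_ip, user_agent)
        if not hmac.compare_digest(data["fingerprint"], presented):
            # Presented from a different connection than the one it was issued to.
            return None
        data["last_seen"] = now
        return data["user_id"]

    def destroy(self, sid):
        # Called on logout; the identifier becomes unusable immediately.
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    store = SessionStore()
    # Constructed sample client data, not real traffic.
    sid = store.create("alice", "192.0.2.10", "Mozilla/5.0", now=1000.0)
    print("same connection:", store.lookup(sid, "192.0.2.10", "Mozilla/5.0", now=1001.0))
    print("other connection:", store.lookup(sid, "198.51.100.7", "Mozilla/5.0", now=1002.0))
```

Binding a session to the client IP is the simplest reading of "mapped with client-side connections", but it logs out legitimate users whose address changes mid-session (mobile networks, proxy pools); a deployment would pick the fingerprint inputs to match its own client population, and rely on the random, server-side identifier as the primary control.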

7 References
Web Hacking: Attacks and Defense by Stuart McClure, Saumil Shah, Shreeraj Shah
