1
Session Hijacking
Tarun Lall
2
What is Session Hijacking
TCP Connection Takeover
Takeover of a Web Application Session
3
State Management
HTTP is Stateless
Web Applications need state
User Logins
Shopping Carts
4
State Management, Cont'd
Client Side
Server Side
Golden Rule of Web Application Security
Cookies and Hidden Fields
5
Reasons for Session Hijacking
No Standards for Maintaining State
Session Tracking and State Information at Client
6
How to Prevent Session Hijacking
Session Identifiers Should Be Unique
Session Identifiers Should Not Be Guessable
Session Identifiers Should Be Independent
Session Identifiers Should Be Mapped with Client-Side Connections
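An added example (not from the slides) of a server-side session store that enforces the four properties above: identifiers are drawn from the OS CSPRNG (not guessable), checked against the store before use (unique), carry no user data (independent), and are bound to a constructed client fingerprint so a token presented from a different client is rejected and invalidated (mapped to the client connection). The fingerprint inputs, the 15-minute lifetime and the user names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple


def client_binding(remote_addr: str, user_agent: str) -> str:
    """Fingerprint of the client connection the session was issued to (assumed inputs)."""
    return hashlib.sha256(f"{remote_addr}|{user_agent}".encode()).hexdigest()


class SessionStore:
    """In-memory store: the client only ever holds an opaque identifier."""

    def __init__(self, ttl_seconds: int = 900) -> None:
        self.ttl = ttl_seconds
        # sid -> (user, client fingerprint, creation time); all state stays server side
        self._sessions: Dict[str, Tuple[str, str, float]] = {}

    def create(self, user: str, binding: str) -> str:
        # Not guessable: 32 bytes from the OS CSPRNG, never a counter or a hash of the login.
        # Independent: the identifier encodes nothing about the user.
        while True:
            sid = secrets.token_urlsafe(32)
            if sid not in self._sessions:  # Unique: reject a collision, however unlikely
                break
        self._sessions[sid] = (user, binding, time.time())
        return sid

    def lookup(self, sid: str, binding: str) -> Optional[str]:
        """Return the user for a valid, correctly bound session, else None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, bound_to, created = entry
        if time.time() - created > self.ttl:  # expired: drop it
            self._sessions.pop(sid, None)
            return None
        # Mapped to the client connection: a mismatch is treated as a suspected
        # hijack, so the session is invalidated rather than silently refused.
        if not hmac.compare_digest(bound_to, binding):
            self._sessions.pop(sid, None)
            return None
        return user

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)
```

In a real deployment the store would live in a shared backend and the identifier would be sent as an HttpOnly, Secure cookie; the binding inputs should be chosen knowing that addresses behind NAT or mobile carriers change.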
7
References
Web Hacking: Attacks and Defense by Stuart McClure, Saumil Shah, Shreeraj Shah