Presentation is loading. Please wait.

Presentation is loading. Please wait.

Session Hijacking Tarun Lall.

Published byYenny Santoso Modified over 6 years ago

Similar presentations

Presentation on theme: "Session Hijacking Tarun Lall."— Presentation transcript:

1 Session Hijacking Tarun Lall

2 What is Session Hijacking
TCP Connection Takeover Takeover of a Web Application Session

3 State Management HTTP is Stateless Web Applications need state
User Logins Shopping Carts

4 State Management, Cont’d
Client Side Server Side Golden Rule of Web Application Security Cookies and Hidden Fields

5 Reasons for Session Hijacking
No Standards for Maintaining State Session Tracking and State information at Client

6 How to Prevent Session Hijacking
Session Identifiers Should Be Unique Session Identifiers Should Not be Guessable Session Identifiers Should Be Independent Session Identifiers Should be Mapped with Client-Side Connections

7 References Web hacking Attacks and Defense by Stuart McClure, Saumil Shah, Shreeraj Shah

Download ppt "Session Hijacking Tarun Lall."

Similar presentations

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
HTTP Cookies. CPSC 441 - Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.

HTTP Cookies. CPSC Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.
Attacking Session Management Juliette Lessing

Attacking Session Management Juliette Lessing
©2009 Justin C. Klein Keane PHP Code Auditing Session 7 Sessions and Cookies Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 7 Sessions and Cookies Justin C. Klein Keane
Chapter 10 Maintaining State Information Using Cookies.

Chapter 10 Maintaining State Information Using Cookies.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
Internet Vulnerabilities & Criminal Activities 1.2 – 9/12/2011 Structure of Internet Communications 1.2 – 9/12/2011 Structure of Internet Communications.

Internet Vulnerabilities & Criminal Activities 1.2 – 9/12/2011 Structure of Internet Communications 1.2 – 9/12/2011 Structure of Internet Communications.
FORESEC Academy FORESEC Academy Security Essentials (II)

FORESEC Academy FORESEC Academy Security Essentials (II)
Eric Vyncke, May 14 th 2015 HTTP State Management Mechanisms with Multiple Addresses User Agents draft-vyncke-v6ops-happy-eyeballs-cookie-01 RIPE 70, May.

Eric Vyncke, May 14 th 2015 HTTP State Management Mechanisms with Multiple Addresses User Agents draft-vyncke-v6ops-happy-eyeballs-cookie-01 RIPE 70, May.
1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.

1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.
MSS*: Chapter 3 Shopping carts & Payment gateways * McClure, Stuart, Saumil Shah, and Shreeraj Shah. Web Hacking: attacks and defense. Addison Wesley.

MSS*: Chapter 3 Shopping carts & Payment gateways * McClure, Stuart, Saumil Shah, and Shreeraj Shah. Web Hacking: attacks and defense. Addison Wesley.
JavaScript, Fourth Edition

JavaScript, Fourth Edition
Client Side Vulnerabilities Aka, The Perils of HTTP Lesson 14.

Client Side Vulnerabilities Aka, The Perils of HTTP Lesson 14.
Chapter 8 Cookies And Security JavaScript, Third Edition.

Chapter 8 Cookies And Security JavaScript, Third Edition.
Chapter 2. Core Defense Mechanisms. Fundamental security problem All user input is untrusted.

Chapter 2. Core Defense Mechanisms. Fundamental security problem All user input is untrusted.
12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.

12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.
Feedback #2 (under assignments) Lecture Code:

Feedback #2 (under assignments) Lecture Code:
Www.monash.edu.au Wei Dong and Jan Newmarch June 2005 Session Management for Web Services by using SIP.

Wei Dong and Jan Newmarch June 2005 Session Management for Web Services by using SIP.
Web Application Security Presented by Ben Lake. How the Web Works Hypertext Transfer Protocol (HTTP)  Application-level  Stateless Example  Web Browser.

Web Application Security Presented by Ben Lake. How the Web Works Hypertext Transfer Protocol (HTTP)  Application-level  Stateless Example  Web Browser.

Similar presentations

Ads by Google