Session Hijacking - PowerPoint PPT Presentation

1 / 7

About This Presentation

Title:

Session Hijacking

Description:

Session Hijacking Tarun Lall What is Session Hijacking TCP Connection Takeover Takeover of a Web Application Session State Management HTTP is Stateless Web ... – PowerPoint PPT presentation

Number of Views:564

Avg rating:3.0/5.0

Slides: 8

Provided by: Taru47

Category:

Tags: hacking | hijacking | session

Transcript and Presenter's Notes

Title: Session Hijacking

1
Session Hijacking

Tarun Lall

2
What is Session Hijacking

TCP Connection Takeover
Takeover of a Web Application Session

3
State Management

HTTP is Stateless
Web Applications need state
User Logins
Shopping Carts

4
State Management, Contd

Client Side
Server Side
Golden Rule of Web Application Security
Cookies and Hidden Fields

5
Reasons for Session Hijacking

No Standards for Maintaining State
Session Tracking and State information at Client

6
How to Prevent Session Hijacking

Session Identifiers Should Be Unique
Session Identifiers Should Not be Guessable
Session Identifiers Should Be Independent
Session Identifiers Should be Mapped with
Client-Side Connections

7
References

Web hacking Attacks and Defense by Stuart
McClure, Saumil Shah, Shreeraj Shah
http//www.ftponline.com/javapro/2004_01/magazine/
columns/proshop/default_pf.aspx
http//www.iss.net/security_center/advice/Exploits
/TCP/session_hijacking/default.htm
http//staff.washington.edu/dittrich/talks/qsm-sec
/script.html

Write a Comment

User Comments (0)

About PowerShow.com

Recommended Relevance Latest Highest Rated Most Viewed

Sort by:

Related More from user

CrystalGraphics Presentations

World's Best PowerPoint Templates PowerPoint PPT Presentation

World's Best PowerPoint Templates - CrystalGraphics offers more PowerPoint templates than anyone else in the world, with over 4 million to choose from. Winner of the Standing Ovation Award for “Best PowerPoint Templates” from Presentations Magazine. They'll give your presentations a professional, memorable appearance - the kind of sophisticated look that today's audiences expect. Boasting an impressive range of designs, they will support your presentations with inspiring background photos or videos that support your themes, set the right mood, enhance your credibility and inspire your audiences.

CrystalGraphics 3D Character Slides for PowerPoint PowerPoint PPT Presentation

CrystalGraphics 3D Character Slides for PowerPoint - CrystalGraphics 3D Character Slides for PowerPoint

Chart and Diagram Slides for PowerPoint PowerPoint PPT Presentation

Chart and Diagram Slides for PowerPoint - Beautifully designed chart and diagram s for PowerPoint with visually stunning graphics and animation effects. Our new CrystalGraphics Chart and Diagram Slides for PowerPoint is a collection of over 1000 impressively designed data-driven chart and editable diagram s guaranteed to impress any audience. They are all artistically enhanced with visually stunning color, shadow and lighting effects. Many of them are also animated. And they’re ready for you to use in your PowerPoint presentations the moment you need them. – PowerPoint PPT presentation

Related Presentations

Session Hijacking PowerPoint PPT Presentation

Session Hijacking - Much easier to hijack. The TCP sequence numbers are known. This is the one we will study ... This setup is sometimes called MitM' ARP Spoofing Hijack ... | PowerPoint PPT presentation | free to view

Sniffing and Session Hijacking PowerPoint PPT Presentation

Sniffing and Session Hijacking - pen registers provides access to the numbers that are dialed from a phone ... possible with cellular phones. can work even when phone not in use. Session Hijacking ... | PowerPoint PPT presentation | free to view

STRAYER SEC 435 Week 1 Discussion Session Hijacking NEW PowerPoint PPT Presentation

STRAYER SEC 435 Week 1 Discussion Session Hijacking NEW - STRAYER SEC 435 Week 1 Discussion Session Hijacking NEW http://www.assignmentcloud.com/sec-435-strayer/sec-435-week-1-discussion-session-hijacking-new For more classes visit http://www.assignmentcloud.com | PowerPoint PPT presentation | free to view

Session Management PowerPoint PPT Presentation

Session Management - Example 1: login over SSL, but subsequent HTTP. What happens as wireless Caf ? ... The famous MySpace Samy worm: (2005) Bypassed MySpace script filters ... | PowerPoint PPT presentation | free to view

Session and Cookie Management in .Net PowerPoint PPT Presentation

Session and Cookie Management in .Net - Session and Cookie Management in .Net Sandeep Kiran Shiva UIN: 00822389 | PowerPoint PPT presentation | free to view

Session Layer Security PowerPoint PPT Presentation

Session Layer Security - Title: Lecture 6: Session Layer Security Subject: NETE4630 Author: Supakorn Kungpisdan Last modified by: Windows User Created Date: 1/2/2006 5:41:37 PM | PowerPoint PPT presentation | free to view

Sniffing, Spoofing, Hijacking PowerPoint PPT Presentation

Sniffing, Spoofing, Hijacking - The connection is secure, but Dsniff exploits what happens before the connection Attacker runs an DNS spoof along with webmitm. Webmitm proxies the connection: ... | PowerPoint PPT presentation | free to view

Summary of last session PowerPoint PPT Presentation

Summary of last session - Summary of last session | PowerPoint PPT presentation | free to view

RTSP Security PowerPoint PPT Presentation

RTSP Security - RTSP: What is it? RTSP: Real Time Streaming Protocol. Specifications: ... RTSP Security hole: Session hijacking. Retrieving the random identifier of the session. ... | PowerPoint PPT presentation | free to view

University at Albany, School of Business PowerPoint PPT Presentation

University at Albany, School of Business - Session Hijacking. Exploit Demonstration. University at Albany, ... Session Hijacking. Protection/Detection. Additional protection at the Data Link Layer: ... | PowerPoint PPT presentation | free to view

Formal Methods Demo Session Initiation Protocol (SIP) Vulnerability Testing PowerPoint PPT Presentation

Formal Methods Demo Session Initiation Protocol (SIP) Vulnerability Testing - Title: VoIP H.323 Author: David Gibson Last modified by: COEMASTER Created Date: 7/10/2002 6:55:35 PM Document presentation format: Letter Paper (8.5x11 in) | PowerPoint PPT presentation | free to view

Summary of Session 4 PowerPoint PPT Presentation

Summary of Session 4 - Arthur Levin (Head, Std. policy division, ITU/TSB) Nadi, Fiji, ... ICTs, ITU and Climate Change (by Arthur Levin) Introduced global framework on climate change, ... | PowerPoint PPT presentation | free to view

Formal Methods Demo Session Initiation Protocol (SIP) Vulnerability Testing PowerPoint PPT Presentation

Formal Methods Demo Session Initiation Protocol (SIP) Vulnerability Testing - SIP Network in SDL. 3. Call Hijacking Possible Scenario. 1006. 1007. 1004. SIP ... Vulnerability to Call Hijacking. IP Phone. Tester (Registrar) REGISTER ... | PowerPoint PPT presentation | free to view

MANAGEMENT POLICY AND STRATEGY SESSION - XI PowerPoint PPT Presentation

MANAGEMENT POLICY AND STRATEGY SESSION - XI - SPECIAL ALTERT CONTROL AT UNITED AIRLINES The sudden impact of an airline crash can be devastating to a major airline. ... Strategic Management Subject: Pearce ... | PowerPoint PPT presentation | free to view

SEC 435 Enhance teaching / snaptutorial.com PowerPoint PPT Presentation

SEC 435 Enhance teaching / snaptutorial.com - You will need to create your own original thread. The create thread button is in the upper left corner once you click on the link above. "Session Hijacking" Select one of the following and discuss in no less than three paragraphs, and have at least one response to another student of at least one paragraph: • Consider the “What if” case in Chapter 1 from the Book: Web Applications and Data Servers and respond to one or more of the questions asked. • Research the web, and discuss any recent story concerning session hijacking. Provide summary and discussion on what might have been done to prevent such hijacking, or how such hijacking can be recognized. • Any current topic or article related to penetration techniques. • The instructor insight. | PowerPoint PPT presentation | free to view

SEC 435 RANK Education Fabulous--sec435rank.com PowerPoint PPT Presentation

SEC 435 RANK Education Fabulous--sec435rank.com - FOR MORE CLASSES VISIT www.sec435rank.com You will need to create your own original thread. The create thread button is in the upper left corner once you click on the link above. "Session Hijacking" Select one of the following and discuss in no less than three paragraphs, and have at least one response to another student of at least one paragraph: • Consider the “What if” case in Chapter 1 from the Book: Web Applications and Data Servers and respond to one or more of the questions asked. • Research the web, and discuss any recent story concerning session hijacking. Provide summary and discussion on what might have been done to prevent such hijacking, or how such hijacking can be recognized. • Any current topic or article related to penetration techniques. • The instructor insight. | PowerPoint PPT presentation | free to view

Maintaining State in PHP Part II - Sessions PowerPoint PPT Presentation

Maintaining State in PHP Part II - Sessions - ... is stored in a cookie, or passed in the URL between pages while the user browses. ... the session id between pages as a user browses to track the session. ... | PowerPoint PPT presentation | free to view

Group Session: Malvertising: How To Detect and Deal With Malicious Ads PowerPoint PPT Presentation

Group Session: Malvertising: How To Detect and Deal With Malicious Ads - Malware Ads, or 'Malvertisements', when displayed attempt to ... publicity and complaints with federal agencies, law enforcement and online advocacy groups ... | PowerPoint PPT presentation | free to view

CIS 450 PowerPoint PPT Presentation

CIS 450 - In hijacking, the attacker is taking over an existing session and takes the ... Normal active hijacking with the detection of the ACK storm. ... | PowerPoint PPT presentation | free to view

SEC 435 Possible Is Everything - snaptutorial.com PowerPoint PPT Presentation

SEC 435 Possible Is Everything - snaptutorial.com - You will need to create your own original thread. The create thread button is in the upper left corner once you click on the link above. "Session Hijacking" Select one of the following and discuss in no less than three paragraphs, and have at least one response to another student of at least one paragraph: • Consider the “What if” case in Chapter 1 from the Book: Web Applications and Data Servers and respond to one or more of the questions asked. • Research the web, and discuss any recent story concerning session hijacking. Provide summary and discussion on what might have been done to prevent such hijacking, or how such hijacking can be recognized. • Any current topic or article related to penetration techniques. • The instructor insight. | PowerPoint PPT presentation | free to view

Information Security Session October 24, 2005 PowerPoint PPT Presentation

Information Security Session October 24, 2005 - Simple for people to disguise email addresses and location of websites. 6/22/09 ... Examples Bank of America Phish. Target: Bank of America customers ... | PowerPoint PPT presentation | free to view

Security Technologies: Penetration Testing PowerPoint PPT Presentation

Security Technologies: Penetration Testing - Upon completion of this material, you should ... Introduction to Open Source Tools that assist in ... Session Hijacking taking over TCP session ... | PowerPoint PPT presentation | free to view

SEC 435 Education Organization / snaptutorial.com PowerPoint PPT Presentation

SEC 435 Education Organization / snaptutorial.com - For more classes visit www.snaptutorial.com You will need to create your own original thread. The create thread button is in the upper left corner once you click on the link above. "Session Hijacking" Select one of the following and discuss in no less than three paragraphs, and have at least one response to another student of at least one paragraph: • Consider the “What if” case in Chapter 1 from the Book: Web Applications and Data Servers and respond to one or more of the questions asked. • Research the web, and discuss any recent story concerning session hijacking. Provide summary and discussion on what might have been done to prevent such hijacking, or how such hijacking can be recognized. • Any current topic or article related to penetration techniques. • The instructor insight. | PowerPoint PPT presentation | free to view

SEC 435 Competitive Success--snaptutorial.com PowerPoint PPT Presentation

SEC 435 Competitive Success--snaptutorial.com - You will need to create your own original thread. The create thread button is in the upper left corner once you click on the link above. "Session Hijacking" Select one of the following and discuss in no less than three paragraphs, and have at least one response to another student of at least one paragraph: • Consider the “What if” case in Chapter 1 from the Book: Web Applications and Data Servers and respond to one or more of the questions asked. • Research the web, and discuss any recent story concerning session hijacking. Provide summary and discussion on what might have been done to prevent such hijacking, or how such hijacking can be recognized. • Any current topic or article related to penetration techniques. • The instructor insight. | PowerPoint PPT presentation | free to view

Hijacking Web 2.0 Sites with SSLstrip and Slowloris Hands-on Training Sam Bowne and RSnake PowerPoint PPT Presentation

Hijacking Web 2.0 Sites with SSLstrip and Slowloris Hands-on Training Sam Bowne and RSnake - From http://www.ebizmba.com/articles/user-generated-content. Password Stealing. Easy ... Traffic to Facebook. Forwarded & Altered Traffic. Demonstration ... | PowerPoint PPT presentation | free to view