Session Hijacking - PowerPoint PPT Presentation

1 / 7
About This Presentation
Title:

Session Hijacking

Description:

Session Hijacking Tarun Lall What is Session Hijacking TCP Connection Takeover Takeover of a Web Application Session State Management HTTP is Stateless Web ... – PowerPoint PPT presentation

Number of Views:575
Avg rating:3.0/5.0
Slides: 8
Provided by: Taru47
Category:

less

Transcript and Presenter's Notes

Title: Session Hijacking


1
Session Hijacking
  • Tarun Lall

2
What is Session Hijacking
  • TCP Connection Takeover
  • Takeover of a Web Application Session

3
State Management
  • HTTP is Stateless
  • Web Applications need state
  • User Logins
  • Shopping Carts

4
State Management, Contd
  • Client Side
  • Server Side
  • Golden Rule of Web Application Security
  • Cookies and Hidden Fields

5
Reasons for Session Hijacking
  • No Standards for Maintaining State
  • Session Tracking and State information at Client

6
How to Prevent Session Hijacking
  • Session Identifiers Should Be Unique
  • Session Identifiers Should Not be Guessable
  • Session Identifiers Should Be Independent
  • Session Identifiers Should be Mapped with
    Client-Side Connections

7
References
  • Web hacking Attacks and Defense by Stuart
    McClure, Saumil Shah, Shreeraj Shah
  • http//www.ftponline.com/javapro/2004_01/magazine/
    columns/proshop/default_pf.aspx
  • http//www.iss.net/security_center/advice/Exploits
    /TCP/session_hijacking/default.htm
  • http//staff.washington.edu/dittrich/talks/qsm-sec
    /script.html
Write a Comment
User Comments (0)
About PowerShow.com