Postmortem of the Session Hijacking Attack

Previous page
Table of content
Next page

Postmortem of the Session Hijacking Attack

Let's revisit the Alice Bob Charles attack. Bob began his application session on eWebMail with his own identity. He had no idea what password Alice used. However, he was able to understand and eventually outwit the session state mechanism used by eWebMail. Halfway through his session, he replaced his user credentials with those of Alice, and impersonated her. Oversights and a lack of understanding about the problems caused by poor session management allowed this attack to take place.

 


Previous page
Table of content
Next page
Web Hacking(c) Attacks and Defense
Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
Year: 2005
Pages: 156
Authors: Stuart McClure, Saumil Shah, Shreeraj Shah
BUY ON AMAZON
C++ GUI Programming with Qt 3
Visual C# 2005 How to Program (2nd Edition)
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
AutoCAD 2005 and AutoCAD LT 2005. No Experience Required
The Lean Six Sigma Pocket Toolbook. A Quick Reference Guide to Nearly 100 Tools for Improving Process Quality, Speed, and Complexity
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy