Session Fixation Attack (OWASP Research)

Posted By: SecurityTube_Bot
Posted On: Mon 21 Feb 2011


Description:

Session fixation attacks attempt to exploit a vulnerability that allows one person to fixate (set) another person's session identifier (SID). Most session fixation attacks are web-based, and most rely on session identifiers being accepted from URLs (query string) or POST data.

In this video from the OWASP AppSec Research 2010 conference in Sweden, Michael Schrank, Bastian Braun and Martin Johns discuss the problem of session fixation and what can be done to solve it.

Thanks go out to Threatpost for posting this video.
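A common server-side countermeasure to the problem described above, as an added example that is not taken from the video or its speakers: a minimal in-memory session store that ignores SIDs arriving in the URL or POST data and issues a fresh SID at login, shown beside a login that keeps the pre-login SID. The class, method and user names are assumptions made for this illustration.

```python
import secrets


class SessionStore:
    """In-memory session table, constructed for this example."""

    def __init__(self):
        self._sessions = {}

    def resolve(self, cookie_sid=None, query_sid=None):
        """Pick the SID for a request. Only a cookie SID that this server
        issued is honoured; query_sid (URL or POST data) is never used."""
        if cookie_sid in self._sessions:
            return cookie_sid
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login_vulnerable(self, sid, user):
        """Keeps the pre-login SID, so anyone who knows it shares the login."""
        self._sessions[sid]["user"] = user
        return sid

    def login_hardened(self, sid, user):
        """Moves the session to a fresh SID and invalidates the old one."""
        data = self._sessions.pop(sid)
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")


def demo():
    """Compare what a SID known before login maps to after each login path."""
    weak = SessionStore()
    known = weak.resolve()                      # SID known to a third party
    weak.login_vulnerable(weak.resolve(cookie_sid=known), "alice")

    safe = SessionStore()
    known2 = safe.resolve()
    fresh = safe.login_hardened(safe.resolve(cookie_sid=known2), "alice")
    return weak.user_for(known), safe.user_for(known2), safe.user_for(fresh)


if __name__ == "__main__":
    print(demo())
```

In a real application the fresh SID is sent back in a cookie marked `HttpOnly` and `Secure`, and the framework's own session-regeneration call replaces the hand-written store.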


Tags: basics

