SAP: Session (Fixation) Attacks and Protections - Black Hat
Session ID Exchange (1)
• Multiple mechanisms are available in HTTP to maintain session state
• Session ID sent as a…
  – Cookie (standard HTTP header)
  – URL parameter (URL rewriting) – RFC 2396
  – URL argument: GET request (URL rewriting)
  – Body argument: POST request
  – Hidden form field (HTML forms)
  – Proprietary HTTP header
Copyright © 2011 Taddong S.L. www.taddong.com
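The sketch below is an added example, not part of the original slides: it takes a raw HTTP request and reports which of the channels listed above carries a session ID, plus a helper that finds a hidden form field in an HTML response. The parameter name `sid`, the header `X-Session-Id`, the host and all values are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

SID = "sid"                  # assumed session parameter / cookie name
SID_HEADER = "x-session-id"  # assumed proprietary header name (lower-cased)

def request_channels(raw):
    """Return {channel: session ID} for every listed channel present in a raw HTTP request."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _ = request_line.split(" ", 2)
    headers = {n.strip().lower(): v.strip() for n, _, v in (h.partition(":") for h in header_lines)}
    url, found = urlsplit(target), {}
    # URL parameter (RFC 2396): ";name=value" appended to a path segment.
    for segment in url.path.split("/"):
        for param in segment.split(";")[1:]:
            key, _, value = param.partition("=")
            if key == SID:
                found["url_parameter"] = value
    # URL argument (query string) and body argument (form-encoded POST body).
    is_form = method == "POST" and "x-www-form-urlencoded" in headers.get("content-type", "")
    for channel, data in (("url_argument", url.query), ("body_argument", body if is_form else "")):
        values = parse_qs(data).get(SID)
        if values:
            found[channel] = values[0]
    cookies = SimpleCookie(headers.get("cookie", ""))
    if SID in cookies:
        found["cookie"] = cookies[SID].value
    if SID_HEADER in headers:
        found["proprietary_header"] = headers[SID_HEADER]
    return found

class HiddenSid(HTMLParser):
    value = None  # value of a hidden form field named SID, if the page has one
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name") == SID:
            self.value = a.get("value")

def hidden_session_field(html):
    parser = HiddenSid()
    parser.feed(html)
    return parser.value

# Constructed sample traffic (not from the original slides).
SAMPLE_REQUEST = ("POST /app/page;sid=AAA111?sid=BBB222&view=1 HTTP/1.1\r\n"
                  "Host: app.example\r\nCookie: theme=dark; sid=CCC333\r\nX-Session-Id: DDD444\r\n"
                  "Content-Type: application/x-www-form-urlencoded\r\n\r\nsid=EEE555&action=save")
SAMPLE_HTML = '<form method="post"><input type="hidden" name="sid" value="FFF666"></form>'
```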