SAP: Session (Fixation) Attacks and Protections - Black Hat
SAP: Session (Fixation) Attacks and Protections - Black Hat
SAP: Session (Fixation) Attacks and Protections - Black Hat
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Attack Vectors (1)• Web references or links (URLs):– Social engineering tricks: entice user to followthe link with the attacker’s session IDhttps://portal.example.com/private;sessionid=012345?...• HTTP meta tags (e.g. cookies):– Cannot be disabled in web browsershttps://portal.example.com/• Untrusted client shared environmentsCopyright © 2011 Taddong S.L. www.taddong.com18