SAP: Session (Fixation) Attacks and Protections - Black Hat
SAP: Session (Fixation) Attacks and Protections - Black Hat
SAP: Session (Fixation) Attacks and Protections - Black Hat
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Session</strong> Management in Web-Apps• HTTP is a stateless protocol (RFC2616)• <strong>Session</strong> tracking capabilities built on top ofHTTP (session IDs or tokens)• Key & core component of web-apps:Pre-Auth<strong>Session</strong>sAuthentication<strong>Session</strong>ManagementAccess Control<strong>Session</strong>finalizationAre there any security risks? Copyright © 2011 Taddong S.L. www.taddong.com4