SAP: Session (Fixation) Attacks and Protections - Black Hat
#2 Vulnerability Disclosure Timeline
• Vendor notified in early December 2010
  – Quick analysis & limited target information
  – Conclusion: Specific to target environment
• Mid-February 2011: full configuration details
  – Re-analyzed for confirmation
• Early/Mid-March 2011:
  – Conclusion: HTTPS misconfiguration & lack of session ID regeneration (developer's hands)
  – Web-app source code for in-depth analysis and ratification?
Copyright © 2011 Taddong S.L. www.taddong.com 43