SAP: Session (Fixation) Attacks and Protections - Black Hat
#2 Protections (4)
WebLogic Session Fixation
• WebLogic Server provides the following API to regenerate the session ID after a successful authentication:
  ServletAuthentication.generateNewSessionID(request);
• Security in the web developer's hands
• Documentation must include best practices
  – Will be added as a result of this discovery
http://download.oracle.com/docs/cd/E11035_01/wls100/javadocs/weblogic/servlet/security/ServletAuthentication.html
Copyright © 2011 Taddong S.L. www.taddong.com
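An added example (not from the slides or from Oracle's documentation) showing where the generateNewSessionID call sits in an application-managed login handler. LoginServlet, CredentialVerifier, the "credentialVerifier" context attribute, the "authenticatedUser" session attribute and the /home redirect are hypothetical names; only ServletAuthentication.generateNewSessionID(request) comes from the slide.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import weblogic.servlet.security.ServletAuthentication;

// Hypothetical application interface: how credentials are checked is out of scope here.
interface CredentialVerifier {
    boolean verify(String user, String password);
}

// Hypothetical login servlet for an application that performs its own credential check.
public class LoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String user = request.getParameter("username");
        String password = request.getParameter("password");

        // Assumption: the application registered its verifier in the servlet context.
        CredentialVerifier verifier =
                (CredentialVerifier) getServletContext().getAttribute("credentialVerifier");

        if (user == null || password == null || verifier == null
                || !verifier.verify(user, password)) {
            // Failed login: the pre-login session must never be marked as authenticated.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Ensure a session exists, then replace its ID. Any session ID that was
        // known (or set) before authentication stops identifying this session.
        request.getSession(true);
        ServletAuthentication.generateNewSessionID(request);

        // Bind the identity only after the ID has been regenerated.
        HttpSession session = request.getSession(false);
        session.setAttribute("authenticatedUser", user);

        response.sendRedirect(request.getContextPath() + "/home");
    }
}
```

The order is the point: the identity is attached to the session only after the ID has changed, so a session ID that existed before login never refers to an authenticated session.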