SAP: Session (Fixation) Attacks and Protections - Black Hat
SAP: Session (Fixation) Attacks and Protections - Black Hat
SAP: Session (Fixation) Attacks and Protections - Black Hat
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
#2 <strong>Protections</strong> (7)Automatic?• Could we thoroughly link the custom web-appauthentication code <strong>and</strong> session managementcapabilities to always enforce HTTPS <strong>and</strong> sessionID renewal?• Default framework behavior vs. developer’s code• At the industry level (specifications & implementations)Pre-Auth<strong>Session</strong>sHTTPSAuthentication<strong>Session</strong>ManagementSecureAccessHow to securely link these three components?Copyright © 2011 Taddong S.L. www.taddong.com50