SAP: Session (Fixation) Attacks and Protections - Black Hat
SAP: Session (Fixation) Attacks and Protections - Black Hat
SAP: Session (Fixation) Attacks and Protections - Black Hat
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
#3 <strong>Protections</strong> (4)• Enable “<strong>Session</strong>IPProtectionEnabled”– Web Container Service property• Manages J2EE web components– HTTP session cannot be accessed fromdifferent IP addresses. Only requests from theIP addr that started the session are processed– Disabled by default– If front proxy or load balancer is used• Configure the “ClientIpHeaderName” property of theHTTP Provider Service (e.g. relay “X-Forwarded-For”header)Copyright © 2011 Taddong S.L. www.taddong.com72