SAP: Session (Fixation) Attacks and Protections - Black Hat
Conclusions (3)
• Impact on the web-app design and on multiple modules (and 3rd-party components)
  – Complexity of web-apps and core nature of session management infrastructures
  – Minor misconfiguration introduces vulnerability?
  – How easy is it to fix session fixation?
  – Plan and test early in design and development
• Promote (continuous) testing for session fixation flaws, development awareness, and improve vulnerability handling and disclosure

Copyright © 2011 Taddong S.L. www.taddong.com