Session Hijacking
Tarun Lall

Contents
- What is Session Hijacking
- State Management
- State Management, Cont'd
- Reasons for Session Hijacking
- How to Prevent Session Hijacking
- References

What is Session Hijacking
- TCP Connection Takeover
- Takeover of a Web Application Session

State Management
- HTTP is Stateless
- Web Applications Need State
  - User Logins
  - Shopping Carts

State Management, Cont'd
- Client Side
- Server Side
- Golden Rule of Web Application Security
- Cookies and Hidden Fields

Reasons for Session Hijacking
- No Standards for Maintaining State
- Session Tracking and State Information at the Client

How to Prevent Session Hijacking
- Session Identifiers Should Be Unique
- Session Identifiers Should Not Be Guessable
- Session Identifiers Should Be Independent
- Session Identifiers Should Be Mapped to Client-Side Connections

References
- Web Hacking: Attacks and Defense by Stuart McClure, Saumil Shah, Shreeraj
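The four properties listed under "How to Prevent Session Hijacking" can be seen together in a small server-side session store. This is an added example written for this page, not code from the slides: the `SessionStore` class, its `server_key`, and the client fingerprint built from IP address and User-Agent are assumptions chosen to illustrate the slide.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """Server-side session registry (added illustration, not from the slides).

    Unique / not guessable: identifiers come from the OS CSPRNG, never from
    usernames, timestamps or counters.
    Independent: each identifier is drawn fresh, so one ID reveals nothing
    about the next.
    Mapped to the client connection: each ID is tied to a keyed fingerprint of
    the client that created it, so a copied ID presented from elsewhere fails.
    """

    def __init__(self, server_key: bytes):
        self._key = server_key          # assumed secret held only by the server
        self._sessions: dict[str, dict] = {}

    def _fingerprint(self, client_ip: str, user_agent: str) -> str:
        # Keyed so that stored fingerprints do not leak raw client details.
        msg = f"{client_ip}|{user_agent}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def create(self, user: str, client_ip: str, user_agent: str) -> str:
        # 32 random bytes (256 bits) from the OS CSPRNG; the loop enforces
        # uniqueness against the live table even though collisions are remote.
        while True:
            sid = secrets.token_urlsafe(32)
            if sid not in self._sessions:
                break
        self._sessions[sid] = {
            "user": user,
            "fp": self._fingerprint(client_ip, user_agent),
        }
        return sid

    def lookup(self, sid: str, client_ip: str, user_agent: str):
        """Return the owning user, or None if unknown or presented by a different client."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        expected = self._fingerprint(client_ip, user_agent)
        if not hmac.compare_digest(rec["fp"], expected):
            # Fingerprint mismatch: treat as a possible hijack and invalidate the session.
            self._sessions.pop(sid, None)
            return None
        return rec["user"]
```

A real deployment would also expire sessions and rotate the identifier after login; those steps are outside what the slide lists.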