5 Mins Presentation-Session Vulnerabilities

Session management vulnerabilities allow attackers to impersonate users or access unauthorized information. Incorrect handling of sessions, such as failing to terminate idle sessions or generating tokens based on predictable information, enables session fixation, sniffing, and prediction attacks. Defenses include using HTTPS, terminating idle sessions, generating random tokens, and implementing cross-site request forgery protections.

Uploaded by ncchamara2181. License: Attribution Non-Commercial (BY-NC).
Session Management Vulnerabilities

Session Handling
• Sessions are used to keep state between requests
• Incorrect handling of sessions allows attackers to reuse
sessions to impersonate users
• Timeout
– Idle sessions need to be removed from the system based on a timeout
– If no timeouts are set, attackers can reuse sessions that should already have been invalidated
• Tokens based on user information
– If tokens are generated from information such as username or email,
they can be reversed by attackers
Possible Attacks
• Session Sniffing
– Passively intercepting a session’s data while it is being
transmitted
HTTP Packet Sniffing
Vulnerabilities
– Not using HTTPS on web sites
– Secure flag is not set on the session cookie
– Application allows HTTP requests for pages under HTTPS
– Application uses HTTP before authentication

Log Sniffing
Vulnerabilities
– Transmitting the token as a URL parameter
– Token is transmitted in a hidden field, but the server also accepts GET requests
Possible Attacks
Cache Sniffing
Attacker accesses the browser or proxy cache
Vulnerabilities
– Directives (Expires: 0 and Cache-Control: max-age=0 or
Cache-Control: no-cache) are not in the HTTP response header
– The directive Cache-Control: private enables the cache only on the
machine on which the user is working (creates a risk on shared
machines)

XSS Cookie Sniffing
Vulnerabilities
– Web application is vulnerable to XSS attacks
Possible Attacks
• Session Prediction
– Guess a token and connect to the website as a
legitimate user
– Token tampering: if the token is predictable
– Brute force attack

• Vulnerabilities
– Too long an idle time
– Flawed or weak implementation of session termination
Possible Attacks
• Session Fixation
Attacker fixes the token before the victim’s authentication
– 3 steps in the attack
i. Session setup. The attacker creates a session on the server (a “trap
session”) and receives or creates the token.
ii. Session fixation. The attacker introduces the token into the victim’s
browser.
iii. Session entrance. The attacker waits for the user to enter the
session, at which time the attacker can also enter.
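The defences the slides list (random tokens, an idle timeout, and a new session ID at authentication so that a planted "trap session" never becomes the victim's authenticated session) shown together in a small in-memory session store. This is an added example, not code from the presentation; the 15-minute idle timeout is an assumed policy value.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds of inactivity before a session is dropped (assumed policy)


class SessionStore:
    """In-memory session store: random IDs, idle timeout, new ID on login."""

    def __init__(self, now=time.time):
        self._now = now       # injectable clock so the timeout can be exercised in tests
        self._sessions = {}   # session id -> {"user": str | None, "last_seen": float}

    def create(self):
        # Token comes from the OS CSPRNG; nothing about the user is encoded in it,
        # so it can be neither predicted nor reversed to a username or email.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "last_seen": self._now()}
        return sid

    def lookup(self, sid):
        """Return the session record, or None if unknown or idle past the timeout."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if self._now() - rec["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]  # terminate idle sessions instead of leaving them reusable
            return None
        rec["last_seen"] = self._now()
        return rec

    def login(self, presented_sid, user):
        """Authenticate the user and rotate the session ID."""
        # Whatever ID the browser presented (possibly planted in the
        # "session fixation" step) is discarded, so a trap session is
        # never promoted to an authenticated one.
        self._sessions.pop(presented_sid, None)
        new_sid = self.create()
        self._sessions[new_sid]["user"] = user
        return new_sid

    def logout(self, sid):
        self._sessions.pop(sid, None)
```

With `create()` playing the attacker's "session setup" step and `login()` the victim's "session entrance", the trap ID is invalid after login and the victim holds an ID the attacker never saw.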
• CSRF (Cross Site Request Forgery)
– Aims to accomplish specific actions instead of obtaining
session control
