Session hijacking attacks attempt to steal the authentication credentials of an authorized user who logged into a system and then reuse those credentials to gain access to the system. In this video, learn how attackers exploit cookies to steal session credentials and the ways that security professionals can defend against these session hijacking attacks.
- [Instructor] Cookies are often used for web application authentication. After a user logs into a system, the web server provides a cookie so that the user doesn't need to continuously log into the system every time he or she requests a new web page. Presenting the cookie with each request causes the web server to reference the earlier successful login. One major flaw with some web applications is that they don't use random cookies. Instead, they use a guessable value. Let's go ahead and take a look at an example.
We'll turn to the WebGoat application security demonstration tool and the Zap web proxy. This time, we're using a simple web application that asks for a username and a password, and has a login button. I have two accounts that I know exist on this server, and I'm going to go ahead and start the Zap application proxy and tell it to intercept the login request. I go back to the application. The first time I'll log on with the WebGoat account, and click the log in button.
Zap intercepts that request, and when I step through it,…
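The flaw named in the transcript (cookie values that are guessable rather than random), as an added Python example that is not part of the video or of WebGoat: it issues session identifiers from the operating system's CSPRNG and audits a sample of issued identifiers for obvious structure. The function names, the sample values and the 128-bit minimum are assumptions made for this illustration.

```python
import os
import secrets

# Assumed minimum: 128 bits of identifier, i.e. 22 base64url characters.
MIN_LENGTH = 22

def new_session_id() -> str:
    """Issue a session identifier from the OS CSPRNG (32 bytes = 256 bits)."""
    return secrets.token_urlsafe(32)

def audit_session_ids(ids: list[str]) -> list[str]:
    """Check a sample of consecutively issued IDs; an empty result means no finding.

    Passing is not proof of randomness: the checks only catch obvious structure.
    """
    if len(ids) < 2:
        raise ValueError("need at least two identifiers to compare")
    findings = []
    if len(set(ids)) != len(ids):
        findings.append("duplicate identifiers issued")
    shortest = min(len(i) for i in ids)
    if shortest < MIN_LENGTH:
        findings.append("identifier shorter than 128 bits")
    # A counter shows up as a constant difference between consecutive values.
    if all(i.isdecimal() for i in ids):
        steps = {int(b) - int(a) for a, b in zip(ids, ids[1:])}
        if len(steps) == 1:
            findings.append("numeric identifiers with a constant step")
    # Characters shared by every ID carry no entropy (timestamps, user names).
    prefix = os.path.commonprefix(ids)
    if len(prefix) * 2 >= shortest:
        findings.append("constant prefix covers half the identifier or more")
    return findings

# Constructed sample, not captured from any real application.
WEAK_SAMPLE = ["65432", "65433", "65434", "65435"]

if __name__ == "__main__":
    print("counter-style IDs:", audit_session_ids(WEAK_SAMPLE))
    strong = [new_session_id() for _ in range(20)]
    print("CSPRNG IDs:", audit_session_ids(strong))
```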
- Provisioning and deprovisioning
- Identity security issues
- Using biometric measures as identification mechanisms
- Multifactor authentication
- Password authentication protocols
- How LDAP and Kerberos work together
- Identity as a Service (IDaaS)
- Mandatory and discretionary access controls
- Defending against password attacks
- Social engineering attacks
Skill Level Intermediate