From the course: CompTIA Security+ (SY0-601) Cert Prep: 2 Secure Code Design and Implementation
Session hijacking
- [Instructor] Cookies are often used for web application authentication. After a user logs in to a system, the web server provides a cookie so that the user doesn't need to continuously log in to the system every time they request a new web page. Presenting the cookie with each request causes the web server to reference the earlier successful login. One major flaw in some web applications is that they don't use random cookies. Instead, they use a guessable value. Let's go ahead and take a look at an example. Once again, we'll turn to the WebGoat Application Security Demonstration tool, and the ZAP web proxy. This time, we're using a simple web application that asks for a username and a password, and has a Log In button. I have two accounts that I know exist on this server, and I'm going to go ahead and start the ZAP application proxy and tell it to intercept the login request. I go back to the application, the first…
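The random-versus-guessable cookie point above, as an added example that is not the course's or WebGoat's own code: a constructed weak session store (counter plus login second, an assumed scheme), the hardened store using the OS CSPRNG with only a digest kept server-side, and a small audit helper that flags IDs advancing by a constant step.

```python
import hashlib
import re
import secrets
import time


class WeakSessionStore:
    """Guessable cookies: a counter plus the login second (constructed
    illustration, not WebGoat's real scheme). One value reveals its neighbours."""

    def __init__(self):
        self._counter = 1000
        self.sessions = {}

    def issue(self, username):
        sid = f"{self._counter}-{int(time.time())}"
        self._counter += 1
        self.sessions[sid] = username
        return sid


class SecureSessionStore:
    """Random cookies: 256 bits from the OS CSPRNG. Only a SHA-256 digest of the
    token is stored, so a leaked session table yields no usable cookie."""

    def __init__(self):
        self.sessions = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username):
        token = secrets.token_urlsafe(32)  # 32 random bytes, URL-safe base64
        self.sessions[self._digest(token)] = username
        return token

    def lookup(self, token):
        # Keys are digests, so the lookup never compares raw tokens.
        return self.sessions.get(self._digest(token))


def looks_predictable(session_ids):
    """Cheap audit over a sample of issued IDs: if every ID opens with a number
    and those numbers advance by one constant step, the generator is guessable."""
    prefixes = [re.match(r"\d+", sid) for sid in session_ids]
    if len(prefixes) < 3 or not all(prefixes):
        return False
    values = [m.group() for m in prefixes]
    steps = {int(b) - int(a) for a, b in zip(values, values[1:])}
    return len(steps) == 1
```

Run the audit against a handful of freshly issued cookies from any application under test; a constant step is the simplest symptom of the flaw the lesson demonstrates.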