Join Kevin Skoglund for an in-depth discussion in this video Session fixation, part of Programming Foundations: Web Security.
- There is another risk to using sessions for sensitive data. It's a variation on session hijacking, and it's called Session Fixation. The idea behind Session Fixation is that a hacker tricks a user into using a hacker-provided session identifier. It's like the opposite of session hijacking. Instead of a hacker stealing your session ID, a hacker gives you a session ID to use instead. It can be used for the same purposes as session hijacking, to assume your identity and your logged-in status to steal your personal info and even change your password.
It's successful if the user authenticates that known session identifier. Let me walk you through how it works. So, normally, when you connect to a site you send any cookie data that you have with each request. So if you were gonna connect to yourbank.com and you were gonna log in, it would pass along your session identifier information when you did that. Let's imagine now, though, that a hacker goes and they establish a legitimate session with your bank. The hacker doesn't have to be logged in,…
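An added example, not code from the course: a toy in-memory session store that shows the mechanism the transcript describes, a session ID issued before login stays bound to the user's account after login unless the server regenerates the ID at authentication. The `SessionStore` class, `fixation_check` helper and the user name are assumptions constructed for this illustration.

```python
"""Toy session store: why a session ID must be regenerated at login.

Added example, not course code. All names here are assumptions.
"""
import secrets


class SessionStore:
    """In-memory session store keyed by session ID (constructed for this example)."""

    def __init__(self, regenerate_on_login: bool) -> None:
        self.sessions: dict[str, dict] = {}
        self.regenerate_on_login = regenerate_on_login

    def start(self) -> str:
        """Issue a fresh anonymous session, as a site does on first visit."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid: str, user: str) -> str:
        """Authenticate the session identified by sid and return the ID the
        browser should use from now on."""
        if sid not in self.sessions:
            # Unknown cookie value: never adopt it, mint our own instead.
            sid = self.start()
        if self.regenerate_on_login:
            # Mitigation: retire the pre-login ID so any copy of it held by
            # a third party no longer maps to the authenticated session.
            del self.sessions[sid]
            sid = secrets.token_hex(16)
            self.sessions[sid] = {"user": None}
        self.sessions[sid]["user"] = user
        return sid

    def whoami(self, sid: str):
        """Return the user bound to sid, or None if anonymous or unknown."""
        return self.sessions.get(sid, {}).get("user")


def fixation_check(regenerate_on_login: bool) -> bool:
    """Return True when a session ID known before authentication still
    resolves to the logged-in user afterwards, i.e. the store is vulnerable."""
    store = SessionStore(regenerate_on_login)
    planted = store.start()                     # ID known before the login
    victim_sid = store.login(planted, "alice")  # user logs in with that ID
    assert store.whoami(victim_sid) == "alice"  # login itself always works
    return store.whoami(planted) == "alice"


if __name__ == "__main__":
    print("vulnerable without regeneration:", fixation_check(False))
    print("vulnerable with regeneration:   ", fixation_check(True))
```

The same check applies to a real framework: after a successful login, the session cookie value the browser sends must differ from the one it sent before.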
This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill Level: Beginner
1. Security Overview
2. General Security Principles
3. Filtering Input, Controlling Output
4. The Most Common Attacks
5. Encryption and User Authentication
6. Other Areas of Concern