Join Kevin Skoglund for an in-depth discussion in this video Session hijacking, part of Foundations of Programming: Web Security.
Once you realize some of the problems with storing sensitive data in cookies, like we saw in the last movie, you may choose to store that data in a session instead. But sessions have their own pitfalls to watch out for. Primarily, session hijacking. Remember, the way that sessions work is that we store sensitive information on the web server, and then we send the browser a cookie with a session ID to reference that information. The information is safer because it's never sent to the browser. You can't view it in the cookie, and you can't see it while it's in transit.

However, the session ID is sent to the browser, and a hacker can potentially steal that session ID the same way that they steal cookies. Only stealing a session ID can be much more valuable, because a session often contains your logged-in status. This allows a user to assume your identity and be you. Let's say, for example, that you're logged into a site like Facebook. If a hacker can successfully hijack your session, then to Facebook, they look like they are you,
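An added example (not code from the course) of the server-side session model described above: the sensitive data stays in a store on the server, only a random session ID goes into the cookie, and the cookie flags plus ID rotation on login limit what a stolen or pre-set ID is worth. The store class, the 30-minute idle timeout and the `sid` cookie name are assumptions for illustration.

```python
import secrets
import time

# Added example (not from the course): a minimal server-side session store.
# Only the random session ID travels in the cookie; the sensitive data stays here.
SESSION_TTL = 30 * 60  # seconds of inactivity before a session is discarded (assumed)

class SessionStore:
    def __init__(self):
        self._sessions = {}  # session_id -> {"data": {...}, "last_seen": float}

    def create(self, data=None):
        # 32 random bytes from a CSPRNG: IDs must be unguessable, never sequential
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"data": dict(data or {}), "last_seen": time.time()}
        return sid

    def load(self, sid, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if now - entry["last_seen"] > SESSION_TTL:
            # Expired: a stolen ID is only useful while the session is still alive
            del self._sessions[sid]
            return None
        entry["last_seen"] = now
        return entry["data"]

    def regenerate(self, old_sid):
        # Issue a new ID and retire the old one, so an ID observed or planted
        # before authentication cannot be replayed afterwards (anti-fixation).
        entry = self._sessions.pop(old_sid, None)
        if entry is None:
            return None
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = entry
        return new_sid

    def login(self, sid, username):
        # Authenticating on an existing anonymous session: rotate the ID first
        new_sid = self.regenerate(sid)
        if new_sid is not None:
            self._sessions[new_sid]["data"]["user"] = username
        return new_sid

def session_cookie_header(sid):
    # HttpOnly keeps the ID away from page scripts (the XSS theft path),
    # Secure keeps it off plaintext HTTP, SameSite=Lax limits cross-site sending.
    return f"Set-Cookie: sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
```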
This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill Level: Beginner
1. Security Overview
2. General Security Principles
3. Filtering Input, Controlling Output
4. The Most Common Attacks
5. Encryption and User Authentication
6. Other Areas of Concern