Explore some potential session management issues for web applications, the risks associated with them, and learn how to avoid them.
Session management vulnerabilities are associated with web-application-based client-server systems. Let's take a look at the vulnerabilities and mitigations in this context. To understand session management issues, first let's look at how HTTP works. HTTP is a stateless protocol, which means there is no user data or other information stored between requests in the web server.

In a pure stateless HTTP system, each and every request is independent of every other request, even if it's the same user with the same browser in the same browsing session. Some developers feel the need to maintain some sort of state for the user, leading to the creation of the session. The session is usually initiated by some event on the website. Authentication is usually that event that starts the session and generates the unique token.

The server shares that token with the client through a cookie. Now every subsequent request from the client to the server will send that cookie and the token it contains. The server can then use the token in that cookie…
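The flow described above, worked through in code as an added example (this is not code from the course or its author): the server starts a session after authentication, generates the token from the OS CSPRNG, hands it to the client in a `Set-Cookie` header, and on each later request resolves the token from the `Cookie` header against its own store. The in-memory store, the `sid` cookie name, the 30-minute idle timeout and the `SessionManager`/`parse_cookie` names are assumptions made for this example; the cookie attributes (`HttpOnly`, `Secure`, `SameSite`) are the standard mitigations a practitioner would expect.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed values for this example: an in-memory server-side store, a cookie
# called "sid" and a 30-minute idle timeout. A real deployment would keep the
# store in a database or cache, but the protocol is the same: the client holds
# only the opaque token, all user state stays on the server.
SESSION_TTL_SECONDS = 30 * 60
COOKIE_NAME = "sid"


@dataclass
class Session:
    user: str
    created: float
    last_seen: float


def parse_cookie(header: Optional[str]) -> Dict[str, str]:
    """Parse a Cookie request header such as 'a=1; sid=abc' into a dict."""
    result: Dict[str, str] = {}
    if not header:
        return result
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            result[name] = value
    return result


class SessionManager:
    def __init__(self, ttl: int = SESSION_TTL_SECONDS) -> None:
        self.ttl = ttl
        self._store: Dict[str, Session] = {}

    def start(self, user: str, now: Optional[float] = None) -> Tuple[str, str]:
        """Start a session after successful authentication.

        Returns (token, Set-Cookie header value). The token comes from the OS
        CSPRNG; it must never be derived from user data, time or a counter.
        """
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._store[token] = Session(user=user, created=now, last_seen=now)
        cookie = (
            f"{COOKIE_NAME}={token}; Path=/; HttpOnly; Secure; SameSite=Lax; "
            f"Max-Age={self.ttl}"
        )
        return token, cookie

    def lookup(self, cookie_header: Optional[str],
               now: Optional[float] = None) -> Optional[str]:
        """Resolve the user behind an incoming request from its Cookie header.

        Returns the user name, or None when there is no cookie, the token is
        unknown, or the session has been idle longer than the timeout.
        """
        now = time.time() if now is None else now
        token = parse_cookie(cookie_header).get(COOKIE_NAME)
        if token is None:
            return None
        session = self._store.get(token)
        if session is None:
            return None
        if now - session.last_seen > self.ttl:
            # Idle timeout: drop the server-side state so a token that leaks
            # later (logs, shared machine) is worthless.
            del self._store[token]
            return None
        session.last_seen = now
        return session.user

    def end(self, token: str) -> None:
        """Logout: invalidate on the server. Clearing the cookie alone is not enough."""
        self._store.pop(token, None)
```

Two things the code makes visible that the narration only implies: the token is the only thing the client ever holds, so its randomness and the cookie attributes are the entire security boundary, and logout and expiry must happen on the server side, because a browser that keeps an old cookie would otherwise keep a valid session. In a real application you would also issue a fresh token whenever the user's privilege level changes (login, step-up authentication) rather than reusing one that existed before authentication.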
Author: Frank P Moley III
- Understanding attackers and risks
- Documenting your risks
- Issues related to web client–server interactions
- Issues related to thick app and client–server interactions
- Authorization and cryptography issues
- Implementing security in each phase of the software development life cycle
Skill Level: Beginner
What you need to know (1m 35s)
1. Security and Risk Overview
2. Web Client Server Interaction Code Issues
3. Thick App and Client-Server Interaction Issues
4. Crypto and Security Misuse Issues
5. Security in the SDLC
Next steps (2m 10s)