Course: Programming Foundations: Web Security
Cookie visibility and theft
- Browser cookies are easily viewed, easily manipulated, and easily stolen. They're out of view enough that they may seem like private data, but they're not. In many browsers, a user can go into the preferences area and inspect their cookies. Recently, some browsers have made cookies a little harder for a basic user to inspect, but there are still ways to view them, such as using a browser's developer tools. Cookie data also may be visible while in transit. Cookie data is sent in plain text in the header of every request to the web server. An attacker with the ability to observe network traffic will see them. This is easy to do on an open Wi-Fi network like those found in coffee shops, hotels, and airports. Cross-site scripting attacks can also be used to get cookie data. Here's an example in PHP. I've split the URL up to make it easier to read. It uses JavaScript to get the cookie data, and then it pings a URL that…
Contents
- Types of credential attacks (4 min 55 sec)
- Strong passwords (4 min 1 sec)
- URL manipulation and Insecure Direct Object Reference (IDOR) (4 min 43 sec)
- SQL injection (6 min 16 sec)
- Cross-Site Scripting (XSS) (6 min 15 sec)
- Cross-Site Request Forgery (CSRF) (4 min 21 sec)
- Cross-Site Request protections (3 min 38 sec)
- Cookie visibility and theft (4 min 37 sec)
- Session hijacking (5 min 8 sec)
- Session fixation (3 min 18 sec)
- Remote system execution (2 min 8 sec)
- File upload abuse (2 min 59 sec)
- Denial of service (4 min 55 sec)