Course: Programming Foundations: Web Security
Session hijacking
- Session hijacking is an attack where a hacker steals a user's active session to gain unauthorized access to parts of a website. Sessions store a user's data in a file or database on the server. It's more secure to store data in sessions than in browser cookies because the data never leaves the server. It cannot be viewed in transit or in storage. However, as we discussed in the previous movie, a session reference identifier, or session ID, is stored in a browser cookie and, like all cookies, is vulnerable to theft. An attacker with a stolen session ID can access all of the data stored in the session. Even worse, they can impersonate a logged-in user. Imagine that a user logs into a web application successfully. The web application stores a bit of data in the session file to remember that the user is logged in. This enables the user to click links and visit other pages without having to re-authenticate each time. I think of it a…
Contents
- Types of credential attacks (locked) 4 min 55 s
- Strong passwords (locked) 4 min 1 s
- URL manipulation and Insecure Direct Object Reference (IDOR) (locked) 4 min 43 s
- SQL injection (locked) 6 min 16 s
- Cross-Site Scripting (XSS) (locked) 6 min 15 s
- Cross-Site Request Forgery (CSRF) (locked) 4 min 21 s
- Cross-Site Request protections (locked) 3 min 38 s
- Cookie visibility and theft (locked) 4 min 37 s
- Session hijacking (locked) 5 min 8 s
- Session fixation (locked) 3 min 18 s
- Remote system execution (locked) 2 min 8 s
- File upload abuse (locked) 2 min 59 s
- Denial of service (locked) 4 min 55 s