Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ESSOS
2011
Springer
2011
Springer
SessionShield: Lightweight Protection against Session Hijacking
The class of Cross-site Scripting (XSS) vulnerabilities is the most prevalent security problem in the field of Web applications. One of the main attack vectors used in connection with XSS is session hijacking via session identifier theft. While session hijacking is a client-side attack, the actual vulnerability resides on the server-side and, thus, has to be handled by the website’s operator. In consequence, if the operator fails to address XSS, the application’s users are defenseless against session hijacking attacks. In this paper we present SessionShield, a lightweight client-side protection mechanism against session hijacking that allows users to protect themselves even if a vulnerable website’s operator neglects to mitigate existing XSS problems. SessionShield is based on the observation that session identifier values are not used by legitimate clientside scripts and, thus, need not to be available to the scripting languages running in the browser. Our system requires no ...
Real-time TrafficESSOS 2011 | Protection Mechanism | Scripting Languages | Session Hijacking | Software Engineering |
Related Content
| Added | 27 Aug 2011 |
| Updated | 27 Aug 2011 |
| Type | Journal |
| Year | 2011 |
| Where | ESSOS |
| Authors | Nick Nikiforakis, Wannes Meert, Yves Younan, Martin Johns, Wouter Joosen |
Comments (0)
Researcher Info
|
