Sciweavers

SAC
2011
ACM

Reliable protection against session fixation attacks

The term ‘Session Fixation vulnerability’ subsumes issues in Web applications that, under certain circumstances, enable an adversary to perform a Session Hijacking attack by controlling the victim’s session identifier value. A successful attack allows the attacker to fully impersonate the victim towards the vulnerable Web application. We analyse the vulnerability pattern and identify its root cause in the separation of concerns between the application logic, which is responsible for the authentication process, and the framework support, which handles the task of session tracking. Based on this result, we present and discuss three distinct server-side measures for mitigating Session Fixation vulnerabilities. Each of our countermeasures is tailored to a specific real-life scenario that the operator of a vulnerable Web application might encounter.
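The abstract names the root cause but the listing does not describe the three countermeasures themselves. The following is an added example, not code from the paper or from this page, that illustrates the separation of concerns it points at: a framework-style session store that only tracks sessions, and two versions of an application login handler, one that leaves the pre-authentication session ID in place (the fixation pattern) and one that renews the ID at the moment the privilege level changes. The in-memory store, the `login_*` handlers, the `run_fixation_attack` driver and the demo credential are all assumptions made for this illustration; how the attacker plants the ID in the victim's browser is out of scope and simply assumed to have happened.

```python
import secrets

# Constructed demo credential for the illustration only.
USERS = {"alice": "correct horse battery staple"}


class SessionStore:
    """Framework side: tracks sessions, knows nothing about authentication."""

    def __init__(self):
        self._sessions = {}

    def open(self, cookie_sid):
        """Return (sid, data). An absent or unknown cookie value gets a fresh
        session; unknown IDs are never adopted, so the attacker must obtain a
        real server-issued ID rather than invent one."""
        if cookie_sid is None or cookie_sid not in self._sessions:
            cookie_sid = secrets.token_urlsafe(32)
            self._sessions[cookie_sid] = {}
        return cookie_sid, self._sessions[cookie_sid]

    def regenerate(self, old_sid):
        """Move the session data under a new unpredictable ID and retire the old one."""
        data = self._sessions.pop(old_sid, {})
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def user_for(self, sid):
        """Whom does a request carrying this ID act as? None if unauthenticated/unknown."""
        return self._sessions.get(sid, {}).get("user")


def login_vulnerable(store, cookie_sid, username, password):
    """Application side, fixation pattern: authentication succeeds but the ID that
    was present before login silently becomes the authenticated one."""
    sid, session = store.open(cookie_sid)
    if USERS.get(username) == password:
        session["user"] = username
    return sid  # the Set-Cookie value the browser would receive (unchanged)


def login_hardened(store, cookie_sid, username, password):
    """Same application logic, but the session ID is renewed on privilege change,
    so any ID an attacker knew before login is worthless afterwards."""
    sid, session = store.open(cookie_sid)
    if USERS.get(username) == password:
        session["user"] = username
        sid = store.regenerate(sid)
    return sid


def run_fixation_attack(login):
    """Drive the classic fixation scenario against a login handler and report
    who the attacker can act as, whether the victim's ID changed, and whether
    the victim's own session still works."""
    store = SessionStore()
    # 1. Attacker obtains a valid, still-anonymous ID from the server.
    fixed_sid, _ = store.open(None)
    # 2. Attacker plants fixed_sid in the victim's browser (assumed, out of scope).
    # 3. Victim logs in while carrying the planted ID.
    victim_sid = login(store, fixed_sid, "alice", "correct horse battery staple")
    # 4. Attacker presents the ID they planted.
    return {
        "attacker_acts_as": store.user_for(fixed_sid),
        "id_renewed": victim_sid != fixed_sid,
        "victim_logged_in": store.user_for(victim_sid) == "alice",
    }


if __name__ == "__main__":
    print("vulnerable:", run_fixation_attack(login_vulnerable))
    print("hardened:  ", run_fixation_attack(login_hardened))
```

The point of the example is where the fix has to live: the store cannot know that a login happened, and the application code in `login_vulnerable` never tells it, so the attacker's planted ID is promoted along with the session. Regenerating in the handler closes that gap without changing the framework; a failed login leaves the ID and data untouched in both versions.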
Added 17 Sep 2011
Updated 17 Sep 2011
Type Journal
Year 2011
Where SAC
Authors Martin Johns, Bastian Braun, Michael Schrank, Joachim Posegga