The term ‘Session Fixation vulnerability’ subsumes issues in Web applications that under certain circumstances enable the adversary to perform a Session Hijacking attack throu...
Martin Johns, Bastian Braun, Michael Schrank, Joac...
This paper proposes a browser spoofing attack which can break the weakest link from the server to user, i.e., man-computer interface, and hence defeat the whole security system of ...
We describe a new attack against web authentication, which we call dynamic pharming. Dynamic pharming works by hijacking DNS and sending the victim’s browser malicious Javascrip...
Chris Karlof, Umesh Shankar, J. Doug Tygar, David ...
Typical web sessions can be hijacked easily by a network eavesdropper in attacks that have come to be designated "sidejacking." The rise of ubiquitous wireless networks,...
Cross-origin CSS attacks use style sheet import to steal confidential information from a victim website, hijacking a user's existing authenticated session; existing XSS defen...
Lin-Shung Huang, Zack Weinberg, Chris Evans, Colli...