Improper handling of session variables in asp.NET websites is considered a serious threat and opens various doors to malicious hackers. For instance, a session variable could be manipulated in a way to subvert login authentication mechanisms. However, this article illustrates a session fixation bug in a .NET website by demonstrating various live scenarios which usually leads to a website becoming vulnerable, in terms of session hijacking. Moreover, the article circulates detailed information about exploiting vulnerable websites, as well as recommendations of practices for protecting them against session fixation attacks.
Showing posts with label Session Fixation Bugs. Show all posts
Showing posts with label Session Fixation Bugs. Show all posts
Monday, April 7, 2014
Subscribe to:
Posts (Atom)