By attacking the user’s session, an attacker can gain control over an authenticated session, giving him the same level of access to the target application as the victim. Unfortunately, applications often deploy weak authentication systems and insufficiently protect authenticated sessions, thereby enabling these attacks. In this chapter, we cover two attacks that enable the attacker to transfer an authenticated session from the victim’s browser to his own: session hijacking and session fixation. In addition, we cover the impact of credential theft, a common attack that gives the attacker valid user credentials, allowing him to impersonate a user to the target application. Attacks on the user’s session are common, and are supported by various tools and attack frameworks.
De Ryck, P. D., Desmet, L., Piessens, F., & Johns, M. (2014). Attacks on the user’s session. In SpringerBriefs in Computer Science (Vol. 0, pp. 69–82). Springer. https://doi.org/10.1007/978-3-319-12226-7_7