Attacks on the user’s session

Abstract

By attacking the user’s session, an attacker can gain control over an authenticated session, giving him the same level of access to the target application as the victim. Unfortunately, applications often deploy weak authentication systems and insufficiently protect authenticated sessions, thereby enabling these attacks. In this chapter, we cover two attacks that enable the attacker to transfer an authenticated session from the victim’s browser to his own: session hijacking and session fixation. In addition, we cover the impact of credential theft, a common attack that gives the attacker valid user credentials, allowing him to impersonate a user to the target application. Attacks on the user’s session are common, and are supported by various tools and attack frameworks.

De Ryck, P. D., Desmet, L., Piessens, F., & Johns, M. (2014). Attacks on the user’s session. In SpringerBriefs in Computer Science (Vol. 0, pp. 69–82). Springer. https://doi.org/10.1007/978-3-319-12226-7_7
