3 Attacking session management

This chapter covers

  • Understanding how session management works
  • Learning how hackers can steal session ID data
  • Determining that an attack has occurred and how to prevent it
  • Protecting session (and other) cookies
  • Using HTTPS routinely and consistently

In late 2010, software developer Eric Butler released a Firefox extension called Firesheep. It worked like this: you would connect to a public Wi-Fi network, such as one at a train station or a coffee shop. When installed and active, the extension would continuously analyze (unencrypted) data on the current wireless network. If someone else on the same network was logged in to one of a select number of sites, a window popped up, prompting you to go to that site as that other person. ...
