Chapter 6: Assessing Session Management Mechanisms

This chapter covers techniques used to bypass and assess session management schemes. Session management schemes are used by applications to keep track of user activity, usually by means of session tokens. Web assessments of session management also involve determining the strength of the session tokens used and whether those tokens are properly protected. We will learn how to use Burp Suite to perform such tests.

In this chapter, we will cover the following recipes:

  • Testing session token strength using Sequencer
  • Testing for cookie attributes
  • Testing for session fixation
  • Testing for exposed session variables
  • Testing for cross-site request forgery
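As an added example (not code from the book or from Burp Suite), the following Python script shows the defender-side form of two of the recipes listed above: it checks each Set-Cookie header for the Secure, HttpOnly and SameSite attributes, and it estimates the randomness of a session-token sample with a per-position Shannon entropy sum, a crude stand-in for the statistical tests Sequencer runs. All headers and tokens are constructed, and the function names are this example's own.

```python
"""Defensive checks for cookie attribute hygiene and a rough session-token
randomness estimate. Added example, not the book's code; every header and
token below is constructed."""
import math
from collections import Counter

# Constructed sample Set-Cookie headers (assumed values, not captured from any real app).
SAMPLE_HEADERS = [
    "Set-Cookie: JSESSIONID=1A2B3C4D5E6F; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: session=abc123; Path=/",
    "Set-Cookie: auth=xyz; Path=/; HttpOnly; SameSite=None",
]

# Constructed token sample: positions 0 and 3 are constant (0 bits each),
# position 1 takes two equally likely values (1 bit), position 2 four (2 bits).
SAMPLE_TOKENS = ["aa0x", "ab1x", "aa2x", "ab3x"]


def parse_set_cookie(header):
    """Return (name, value, attrs) for one Set-Cookie header.
    Attribute keys are lower-cased; flag attributes such as Secure map to True."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def cookie_findings(header):
    """Return (cookie name, list of weaknesses in its protective attributes)."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        findings.append("missing SameSite")
    elif samesite.lower() == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None unless Secure is also set.
        findings.append("SameSite=None without Secure")
    return name, findings


def positional_entropy_bits(tokens):
    """Sum of per-position Shannon entropies over equal-length tokens.
    Only detects which positions vary and how evenly; it does not catch
    correlations or predictable sequences the way Sequencer's tests do."""
    if not tokens:
        return 0.0
    length = len(tokens[0])
    if any(len(t) != length for t in tokens):
        raise ValueError("tokens must have equal length")
    n = len(tokens)
    total = 0.0
    for pos in range(length):
        counts = Counter(t[pos] for t in tokens)
        total -= sum((c / n) * math.log2(c / n) for c in counts.values())
    return total


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        name, findings = cookie_findings(h)
        print(f"{name}: {', '.join(findings) or 'OK'}")
    print(f"estimated token entropy: {positional_entropy_bits(SAMPLE_TOKENS):.1f} bits")
```

Run as a script it reports `JSESSIONID: OK`, the two weak cookies with their missing attributes, and an estimated 3.0 bits for the constructed token sample. The entropy figure is only a lower-bound sanity check on a small sample; a real assessment still needs a large token sample and Sequencer's full analysis.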

Technical requirements

To complete the recipes in this ...
