Presentation Attacks

One extremely common type of attack is the presentation attack, often referred to as a replay attack. In this type of attack, an attacker poses as a legitimate user of your application by presenting information previously stolen from that user, such as a session identifier. Such attacks succeed against designs that consider only the legitimate uses of the application; when you design an application, you should also consider how each piece of information a client presents could have been stolen or forged.

Many presentation attacks use the Cookie header to present someone else’s cookies. Although SSL can be used to protect cookies in transit, browser vulnerabilities exist that can allow a user’s cookies to be read by an unauthorized site. Consider the following scenario:

User logs in to site A.
Site A sets ...
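The following Python example is added here to illustrate the Cookie-header replay described above; it is not code from the book. It models a server that identifies the user purely by the session id in the Cookie header (the design that considers only legitimate use), shows that a request carrying a stolen cookie is indistinguishable from the victim's own request, and then adds two hypothetical hardening steps that the excerpt does not describe: issuing the cookie with the Secure and HttpOnly attributes, and binding the session to the User-Agent recorded at login. The cookie name `session`, the `SESSIONS` store, and the sample User-Agent strings are constructed for the example. The User-Agent binding is deliberately shown as a weak check: an attacker who can steal the cookie can usually copy the User-Agent as well, so it raises the bar only slightly.

```python
"""Presentation (replay) attack against a cookie-only session design (constructed example)."""

import secrets
from http.cookies import SimpleCookie

# Constructed server-side session store: session id -> {"user": ..., "ua": ...}.
# A real application would keep this in a database or cache.
SESSIONS = {}


def login(username, user_agent):
    """Issue a fresh, unguessable session id and record the User-Agent seen at login."""
    sid = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
    SESSIONS[sid] = {"user": username, "ua": user_agent}
    return sid


def parse_cookie_header(header_value):
    """Parse a raw Cookie request header ("a=1; session=xyz") into a dict."""
    jar = SimpleCookie()
    jar.load(header_value)
    return {name: morsel.value for name, morsel in jar.items()}


def whoami(request_headers):
    """Vulnerable design: identity is whatever session id the Cookie header presents.

    Any client that presents the same cookie value, including an attacker who
    stole it, is treated as the user who logged in.
    """
    cookies = parse_cookie_header(request_headers.get("Cookie", ""))
    entry = SESSIONS.get(cookies.get("session"))
    return entry["user"] if entry else None


def whoami_bound(request_headers):
    """Hypothetical hardening: reject the session if the User-Agent differs from login.

    This catches a naive replay from a different client, but not an attacker
    who also copies the victim's User-Agent string.
    """
    cookies = parse_cookie_header(request_headers.get("Cookie", ""))
    entry = SESSIONS.get(cookies.get("session"))
    if entry is None or entry["ua"] != request_headers.get("User-Agent"):
        return None
    return entry["user"]


def set_cookie_header(sid):
    """Set-Cookie value for the session: Secure limits it to SSL/TLS connections,
    HttpOnly keeps it out of reach of script running in the browser."""
    return f"session={sid}; Path=/; Secure; HttpOnly"


def demo():
    """Walk through the attack and the bound check; returns the observed identities."""
    victim_ua = "Mozilla/5.0 (victim browser)"
    sid = login("alice", victim_ua)

    legit = {"Cookie": f"session={sid}", "User-Agent": victim_ua}
    # Attacker obtained the cookie value (e.g. via a browser flaw) and replays it.
    replay = {"Cookie": f"session={sid}", "User-Agent": "curl/8.0"}

    return {
        "legit": whoami(legit),              # "alice"
        "replay": whoami(replay),            # "alice": cookie-only design accepts it
        "legit_bound": whoami_bound(legit),  # "alice"
        "replay_bound": whoami_bound(replay),  # None: User-Agent mismatch
        "set_cookie_ok": set_cookie_header(sid).endswith("; Secure; HttpOnly"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run the file directly to see the vulnerable server accept the replayed cookie while the bound variant rejects it.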
