Skip to Content
Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition
book

Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition

by Chris Snyder, Michael Southwell, Thomas Myer
December 2010
Intermediate to advanced
363 pages
12h 21m
English
Apress
Content preview from Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition

Summary

We have continued our survey of potential threats to the safety of your users' data by abusers who take advantage of vulnerabilities in your scripts, dealing in this chapter with abuse of sessions.

After describing exactly what sessions are and how they work, we discussed two common kinds of session abuse, either hijacking or fixating them. In both cases, the abusers are attempting to use someone else's authorized access to carry out their own nefarious purposes.

We then discussed a series of possible solutions:

  • Protect your sessions with SSL or TLS, which will encrypt the entire transaction.
  • Insist on using cookies rather than $_GET variables.
  • Time sessions out.
  • Regenerate session IDs when users change status.
  • Rely on tested code abstraction. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Essential PHP Security

Essential PHP Security

Chris Shiflett
Securing PHP Apps
Preventing Web Attacks with Apache
What's New in Apache Web Server 2.2?

Publisher Resources

ISBN: 9781430233183Purchase book