■ Why authentication and session vulnerabilities are so widespread
■ Using Burp Intruder for brute force authentication attacks
■ Why session attacks are so difficult: cookie cracking is not a good idea
■ Pillaging the web server’s file system with path traversal attacks
Authentication allows us to sign in to a web application so we have a personalized browsing experience, while session management keeps track of the requests and responses so we can perform multistep actions such as shopping and bill paying. They are really two peas in a pod. Neither authentication nor session management was considered when the HTTP protocol was invented ...