Answers can be found at http://mdsec.net/wahh.
- You log in to an application, and the server sets the following cookie:
An hour later, you log in again and receive the following:
What can you deduce about these cookies?
- An application employs six-character alphanumeric session tokens and five-character alphanumeric passwords. Both are randomly generated according to an unpredictable algorithm. Which of these is likely to be the more worthwhile target for a brute-force guessing attack? List all the different factors that may be relevant to your decision.
- You log in to an application at the following URL:
and the server sets the following cookie:
Set-cookie: sessionId=1498172056438227; domain=foo.wahh-app.com; path=/login; HttpOnly;
You then visit a range of other URLs. To which of the following will your browser submit the sessionId cookie? (Select all that apply.)
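The book's list of candidate URLs is not reproduced on this page, but the rule the question tests is mechanical: a browser attaches a cookie only when the request host domain-matches the cookie's Domain attribute and the request path path-matches its Path attribute (RFC 6265 sections 5.1.3 and 5.1.4). The following is an added example, not code from the book, that implements those two checks for the cookie in the question and evaluates a set of URLs constructed here for illustration:

```python
"""Added example (not from the book): decide which request URLs a browser
would attach the quiz's sessionId cookie to, following the domain-match
and path-match rules of RFC 6265 sections 5.1.3 and 5.1.4.

The cookie attributes are the ones in the question; the candidate URLs
below are constructed for illustration, since the book's answer options
are not reproduced on this page.
"""
from urllib.parse import urlsplit

# Cookie as set by the server in the question.
COOKIE = {"name": "sessionId", "value": "1498172056438227",
          "domain": "foo.wahh-app.com", "path": "/login",
          "httponly": True, "secure": False}


def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: host equals the cookie domain, or is a subdomain of it."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")  # browsers ignore a leading dot
    if host == cookie_domain:
        return True
    return host.endswith("." + cookie_domain)


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 5.1.4: exact match, or cookie path is a prefix ending at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    # '/login' matches '/login/' and '/login/x' but not '/loginpage'
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def cookie_sent_to(url: str, cookie=COOKIE) -> bool:
    """Would a browser include this cookie on a request to url?"""
    parts = urlsplit(url)
    host = parts.hostname or ""   # port is dropped: cookie scope ignores the port
    path = parts.path or "/"
    if cookie["secure"] and parts.scheme != "https":
        return False
    # HttpOnly only hides the cookie from script (document.cookie); it does not
    # change which requests carry it, so it is deliberately not consulted here.
    return domain_matches(host, cookie["domain"]) and path_matches(path, cookie["path"])


# Constructed candidate URLs (not the book's answer options).
CANDIDATES = [
    "http://foo.wahh-app.com/login/myaccount.php",
    "https://foo.wahh-app.com/login",
    "http://foo.wahh-app.com/loginpage/index.jsp",
    "http://foo.wahh-app.com/myaccount.php",
    "http://bar.foo.wahh-app.com/login/",
    "http://wahh-app.com/login",
    "http://bar.wahh-app.com/login",
    "http://foo.wahh-app.com:8080/login/x",
]


def evaluate(urls=CANDIDATES) -> dict:
    """Map each candidate URL to whether the cookie would be submitted."""
    return {u: cookie_sent_to(u) for u in urls}


if __name__ == "__main__":
    for url, sent in evaluate().items():
        print(f"{'SENT    ' if sent else 'not sent'}  {url}")
```

Two points the output makes concrete: a Domain attribute of foo.wahh-app.com also covers subdomains such as bar.foo.wahh-app.com but not the parent wahh-app.com or a sibling, and a Path of /login covers /login/... but not /loginpage, because the match must end on a path-segment boundary. The absence of a Secure flag means the cookie is sent over plain http as well, and HttpOnly has no bearing on the question at all.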
- The application you are targeting uses per-page tokens in addition to the primary session token. If a per-page token ...