Skip to Main Content
Web Penetration Testing with Kali Linux 2.0, Second Edition
book

Web Penetration Testing with Kali Linux 2.0, Second Edition

by Juned Ahmed Ansari
November 2015
Intermediate to advanced content levelIntermediate to advanced
312 pages
7h 18m
English
Packt Publishing
Content preview from Web Penetration Testing with Kali Linux 2.0, Second Edition

Session-based flaws

Session token is an important mechanism in the overall authentication scheme of web applications. Once a user successfully authenticates to the web application, a token is assigned to the user. It is usually a long random number. This token is then shared by the user on subsequent interactions with the web application and is used for re-authentication purpose. Now, the token represents the identity of a user. Session tokens are also used to track user behavior. This mechanism has an inherent problem; if a malicious attacker is able to determine the victim's session token, the attacker can impersonate as the victim.

The session token becomes as important piece of information and needs to be carefully protected with the same vigour ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Web Penetration Testing with Kali Linux

Web Penetration Testing with Kali Linux

Joseph Muniz, Aamir Lakhani
Hands-On AWS Penetration Testing with Kali Linux

Hands-On AWS Penetration Testing with Kali Linux

Karl Gilbert Gupta, Benjamin Caudill

Publisher Resources

ISBN: 9781783988525