Chapter 5: Testing of Session Management

Welcome to Chapter 5! In this chapter, we will walk you through the recipes related to session management. The topics covered in this chapter will show you how to use OWASP ZAP to capture session tokens and then use them in multiple types of attacks.

In this chapter, we will cover the following recipes:

  • Testing for cookie attributes
  • Testing for cross-site request forgery (CSRF)
  • Testing for logout functionality
  • Testing for session hijacking

Technical requirements

For this chapter, you will need to install OWASP ZAP Proxy and OWASP Juice Shop on your machine to intercept traffic between the browser and OWASP Juice Shop. In addition, utilize your PortSwigger account for access to the PortSwigger ...

Get Zed Attack Proxy Cookbook now with the O’Reilly learning platform.
