Session fixation – the forgotten vulnerability?

Schrank, Michael; Braun, Bastian; Johns, Martin; Posegga, Joachim

Author:

Schrank, Michael [DBLP] ;

Braun, Bastian [DBLP] ;

Johns, Martin [DBLP] ;

Posegga, Joachim [DBLP]

Abstract

The term 'Session Fixation vulnerability' subsumes issues in Web applications that under certain circumstances enable the adversary to perform a session hijacking attack through controlling the victim's session identifier value. We explore this vulnerability pattern. First, we give an analysis of the root causes and document existing attack vectors. Then we take steps to assess the current attack surface of Session Fixation. Finally, we present a transparent server-side method for mitigating vulnerabilities.

Citation
BibTeX

Schrank, M., Braun, B., Johns, M. & Posegga, J., (2010). Session fixation – the forgotten vulnerability?. In: Freiling, F. C. (Hrsg.), Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit. Bonn: Gesellschaft für Informatik e.V.. (S. 341-352).

@inproceedings{mci/Schrank2010,
author = {Schrank, Michael AND Braun, Bastian AND Johns, Martin AND Posegga, Joachim},
title = {Session fixation – the forgotten vulnerability?},
booktitle = {Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit},
year = {2010},
editor = {Freiling, Felix C.} ,
pages = { 341-352 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}

	Dateien	Groesse	Format	Anzeige
	341.pdf	163.7Kb	PDF	View/Open

Haben Sie fehlerhafte Angaben entdeckt? Sagen Sie uns Bescheid: Send Feedback

More Info

ISBN: 978-3-88579-264-2

ISSN: 1617-5468

xmlui.MetaDataDisplay.field.date: 2010

Language:

(en)

Content Type: Text/Conference Paper

Collections

P170 - Sicherheit 2010 - Sicherheit, Schutz und Zuverlässigkeit [31]

Show full item record

All of DSpace

This Collection