Session fixation – the forgotten vulnerability?
| dc.contributor.author | Schrank, Michael | |
| dc.contributor.author | Braun, Bastian | |
| dc.contributor.author | Johns, Martin | |
| dc.contributor.author | Posegga, Joachim | |
| dc.contributor.editor | Freiling, Felix C. | |
| dc.date.accessioned | 2019-01-17T13:26:54Z | |
| dc.date.available | 2019-01-17T13:26:54Z | |
| dc.date.issued | 2010 | |
| dc.description.abstract | The term 'Session Fixation vulnerability' subsumes issues in Web applications that under certain circumstances enable the adversary to perform a session hijacking attack through controlling the victim's session identifier value. We explore this vulnerability pattern. First, we give an analysis of the root causes and document existing attack vectors. Then we take steps to assess the current attack surface of Session Fixation. Finally, we present a transparent server-side method for mitigating vulnerabilities. | en |
| dc.identifier.isbn | 978-3-88579-264-2 | |
| dc.identifier.pissn | 1617-5468 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/19794 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit | |
| dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-170 | |
| dc.title | Session fixation – the forgotten vulnerability? | en |
| dc.type | Text/Conference Paper | |
| gi.citation.endPage | 352 | |
| gi.citation.publisherPlace | Bonn | |
| gi.citation.startPage | 341 | |
| gi.conference.date | 5.-7. Oktober 2010 | |
| gi.conference.location | Berlin | |
| gi.conference.sessiontitle | Regular Research Papers |
Dateien
Originalbündel
1 - 1 von 1