If HTTP authentication is being used, it is possible that no session management mechanism is implemented. Use the methods described previously to examine the role played by any token-like items of data.
■ If the application uses a sessionless state mechanism, transmitting all data required to maintain state via the client, this may sometimes be difficult to detect with certainty, but the following are strong indicators that this kind of mechanism is being used:
  ■ Token-like data items issued to the client are fairly long (e.g., 100 or more bytes).
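The length indicator above, as an added example that is not from the book: a small Python audit script (every cookie and field value in it is constructed) that pulls token-like items out of a captured HTTP response, flags those of 100 or more bytes as candidates for state being carried on the client, and adds a rough guess at how each value is encoded.

```python
import base64
import re

LONG_TOKEN_BYTES = 100  # the page's rule of thumb: 100+ bytes is "fairly long"

# Constructed sample response (not from the book): a short session ID beside a long base64 state blob.
_STATE_BLOB = base64.b64encode(b"user=alice;cart=[1,2,3];ts=1189800000;" * 3).decode()
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=A1B2C3D4E5F60718; Path=/; HttpOnly\r\n"
    "Set-Cookie: appstate=" + _STATE_BLOB + "; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<form><input type="hidden" name="formstate" value="' + _STATE_BLOB + '">\n'
    '<input type="hidden" name="csrf" value="9f86d081884c7d65"></form>'
)

_COOKIE_RE = re.compile(r"^Set-Cookie:\s*([^=;\s]+)=([^;\r\n]*)", re.I | re.M)
_HIDDEN_RE = re.compile(
    r'<input[^>]*type="hidden"[^>]*name="([^"]+)"[^>]*value="([^"]*)"', re.I)

def extract_tokens(raw):
    """Return (source, name, value) for each token-like item handed to the client."""
    head, _, body = raw.partition("\r\n\r\n")
    items = [("cookie", n, v) for n, v in _COOKIE_RE.findall(head)]
    items += [("hidden", n, v) for n, v in _HIDDEN_RE.findall(body)]
    return items

def encoding_shape(value):
    """Rough guess at the encoding: a long, decodable blob hints at serialised state."""
    if len(value) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", value):
        return "hex"
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value):
        try:
            base64.b64decode(value, validate=True)
            return "base64"
        except ValueError:  # binascii.Error is a subclass of ValueError
            pass
    return "other"

def classify_tokens(raw):
    """Flag items of LONG_TOKEN_BYTES or more as candidates for client-held state."""
    report = []
    for source, name, value in extract_tokens(raw):
        size = len(value.encode())
        report.append({"source": source, "name": name, "bytes": size,
                       "shape": encoding_shape(value),
                       "suspect_client_state": size >= LONG_TOKEN_BYTES})
    return report
```

Run `classify_tokens(SAMPLE_RESPONSE)` to see the short session ID and CSRF token reported as plain identifiers while the two 152-byte base64 items are flagged for closer inspection.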
Chapter 7 ■ Attacking Session Management 179