HACK STEPS
■ Log in to the application twice using the same user account, either from different browser processes or from different computers. Determine whether both sessions remain active concurrently. If so, the application supports concurrent sessions, enabling an attacker who has compromised another user’s credentials to make use of these without risk of detection.
■ Log in and log out several times using the same user account, either from different browser processes or from different computers. Determine whether a new session token is issued each time or whether the same
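
The two checks above can be run against a session store from the server side. The following is an added example, not code from the original text: SessionStore, run_checks and their parameters are hypothetical names, and the user and source values are constructed. It contrasts a store that permits concurrent sessions and reissues tokens with one that terminates the older session, records the overlapping login, and issues a fresh random token on every login.

```python
import secrets

class SessionStore:
    """In-memory session store; hypothetical, for illustration only."""

    def __init__(self, single_session=True, fresh_tokens=True):
        self.single_session = single_session
        self.fresh_tokens = fresh_tokens
        self._active = {}      # token -> user
        self._last_token = {}  # user -> token last issued (weak mode only)
        self.alerts = []       # logins that arrived while a session was live

    def login(self, user, source):
        live = [t for t, u in self._active.items() if u == user]
        if live:
            # Record the overlap so the account owner can be told about it.
            self.alerts.append((user, source))
            if self.single_session:
                for t in live:
                    del self._active[t]      # terminate the older session(s)
        if self.fresh_tokens or user not in self._last_token:
            token = secrets.token_urlsafe(32)  # new random token per login
        else:
            token = self._last_token[user]     # weak: same token reissued
        self._last_token[user] = token
        self._active[token] = user
        return token

    def logout(self, token):
        self._active.pop(token, None)

    def is_valid(self, token):
        return token in self._active

def run_checks(store, user="alice"):  # "alice" is a constructed account name
    """Apply the two tests described above to a store."""
    first = store.login(user, "browser-A")   # constructed source labels
    second = store.login(user, "browser-B")
    concurrent = store.is_valid(first) and store.is_valid(second)
    store.logout(first)
    store.logout(second)
    tokens = []
    for _ in range(3):                       # log in and out several times
        t = store.login(user, "browser-A")
        tokens.append(t)
        store.logout(t)
    return {"concurrent_sessions": concurrent,
            "new_token_each_login": len(set(tokens)) == len(tokens),
            "alerts": len(store.alerts)}
```
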