tively as a token, including cookies, URL parameters, and hidden form fields. Some of these items may be used to maintain session state on different back-end components. Do not assume that a particular parameter is the session token without proving it, or that sessions are being tracked using only one item.
■ Sometimes, items that appear to be the application’s session token may not be. In particular, the standard session cookie generated by the web server or application platform may be present but not actually used by the application.
■ Observe which new items are passed to the browser after authentication. Often, new session tokens are created after a user authenticates herself.
■ To verify which items are actually being employed as tokens, find a page
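As an added example (not from the book), a small Python helper that applies the steps above to a pair of captured responses: it collects every item a response hands to the browser (cookies, hidden form fields, and query parameters of a redirect) and reports which of them were newly issued or changed after authentication, so that the platform's default session cookie is not simply assumed to be the token. The two HTTP responses are constructed sample data.

```python
from http.cookies import SimpleCookie
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

class HiddenFieldParser(HTMLParser):
    """Collects name/value pairs of <input type="hidden"> elements."""
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def candidate_tokens(headers, body):
    """Every item the response hands to the browser that could be a session token:
    cookies, hidden form fields and query parameters of a Location redirect."""
    items = {}
    for name, value in headers:
        if name.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for key, morsel in jar.items():
                items["cookie:" + key] = morsel.value
        elif name.lower() == "location":
            for key, val in parse_qsl(urlsplit(value).query):
                items["url:" + key] = val
    parser = HiddenFieldParser()
    parser.feed(body)
    for key, val in parser.fields.items():
        items["hidden:" + key] = val
    return items

def new_after_auth(pre, post):
    """Items that appear only after login, or whose value changed on login."""
    return {k: v for k, v in post.items() if pre.get(k) != v}

# Constructed sample responses (not captured from a real application).
PRE_HEADERS = [("Set-Cookie", "JSESSIONID=A1B2C3; Path=/; HttpOnly")]
PRE_BODY = '<input type="hidden" name="__VIEWSTATE" value="dDw0">'
POST_HEADERS = [("Set-Cookie", "JSESSIONID=A1B2C3; Path=/; HttpOnly"),
                ("Set-Cookie", "auth=9f8e7d; Path=/; Secure; HttpOnly"),
                ("Location", "/home?sid=7a6b5c")]
POST_BODY = '<input type="hidden" name="__VIEWSTATE" value="dDw1">'

def audit():
    # JSESSIONID is unchanged by login, so it is not reported as a candidate.
    return new_after_auth(candidate_tokens(PRE_HEADERS, PRE_BODY),
                          candidate_tokens(POST_HEADERS, POST_BODY))
```

In the sample, the platform cookie survives login unchanged while a new cookie, a URL parameter and a changed hidden field appear, which are the items to examine further.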