parties to obtain the value of cookies submitted to the application, as in

the previous blogging example.

■■

The other applications may not have been subjected to the same secu-

are less important, do not handle sensitive data, or have been created

only for test purposes). Many kinds of vulnerability that may exist in

those applications (for example, cross-site scripting vulnerabilities) may

■

Attacking Session Management

70779c07.qxd:WileyRed  9/14/07  3:13 PM  Page 204

be irrelevant to the security posture of those applications but could

enable an external attacker to leverage an insecure application in order

to capture session tokens created by the sensitive application.

Download 5,76 Mb.

Do'stlaringiz bilan baham: