Liberal Cookie Scope
The usual simple summary of how cookies work is that the server issues a cookie using the HTTP response header
Read moreHACKING
Disclosure of Tokens in Logs
Aside from the clear-text transmission of session tokens in network communications, the most common place where tokens are simply disclosed
Read moreWeaknesses in Session Token Generation
Session management mechanisms are often vulnerable to attack because tokens are generated in an unsafe manner that enables an attacker
Read moreAttacking Session Management
The session management mechanism is a fundamental security component in the majority of web applications. It is what enables the
Read moreDefects in Multistage Login Mechanisms
Some applications use elaborate login mechanisms involving multiple stages. For example: ■ Entry of a username and password. ■ A
Read moreImplementation Flaws in Authentication
Even a well-designed authentication mechanism may be highly insecure due to mistakes made in its implementation. These mistakes may lead
Read moreUser Impersonation Functionality
Some applications implement the facility for a privileged user of the application to impersonate other users, in order to access
Read moreForgotten Password Functionality
Like password change functionality, mechanisms for recovering from a forgotten password situation often introduce problems that may have been avoided
Read moreThe Advantages of Ethical Hacking
Testing Security Measures The primary advantage of having ethical hackers on a company’s payroll is that the hackers are allowed
Read moreHacking & Ethical Hacking
Hacking Gaining access to a system that you are not supposed to have access is considered as hacking. For example:
Read more