The usual simple summary of how cookies work is that the server issues a cookie using the HTTP response header Set-cookie , and the browser then resubmits this cookie in subsequent requests to the same server using the Cookie header. In fact, matters are rather more subtle than this. The cookie mechanism allows a server … Read more
Aside from the clear-text transmission of session tokens in network communications, the most common place where tokens are simply disclosed to unauthorized view is in system logs of various kinds. Although it is a rarer occurrence, the consequences of this kind of disclosure are usually more serious because those logs may be viewed by a … Read more
Session management mechanisms are often vulnerable to attack because tokens are generated in an unsafe manner that enables an attacker to identify the values of tokens that have been issued to other users. Meaningful Tokens Some session tokens are created using a transformation of the user’s user-name or email address, or other information associated with … Read more
The session management mechanism is a fundamental security component in the majority of web applications. It is what enables the application to uniquely identify a given user across a number of different requests, and to handle the data that it accumulates about the state of that user’s interaction with the application. Where an application implements … Read more
Some applications use elaborate login mechanisms involving multiple stages. For example: ■ Entry of a username and password. ■ A challenge for specific digits from a PIN or a memorable word. ■ The submission of a value displayed on a changing physical token. Multistage login mechanisms are designed to provide enhanced security over the simple … Read more
Even a well-designed authentication mechanism may be highly insecure due to mistakes made in its implementation. These mistakes may lead to information leakage, complete login bypassing, or a weakening of the overall security of the mechanism as designed. Implementation flaws tend to be more subtle and harder to detect than design defects such as poor … Read more
Some applications implement the facility for a privileged user of the application to impersonate other users, in order to access data and carry out actions within their user context. For example, some banking applications allow helpdesk operators to verbally authenticate a telephone user and then switch their application session into that user’s context in order … Read more
Like password change functionality, mechanisms for recovering from a forgotten password situation often introduce problems that may have been avoided in the main login function, such as username enumeration. In addition to this range of defects, design weaknesses in forgotten password functions frequently make this the weakest link at which to attack the application’s overall … Read more
Testing Security Measures The primary advantage of having ethical hackers on a company’s payroll is that the hackers are allowed to test a company’s security measures in a controlled, safe environment. These hackers can help companies determine which of their computer security measures are effective, which measures need updating, and which ones pose little to … Read more
Hacking Gaining access to a system that you are not supposed to have access is considered as hacking. For example: login into an email account that is not supposed to have access, gaining access to a remote computer that you are not supposed to have access, reading information that you are not supposed to able … Read more