Various common vulnerabilities in session management mechanisms arise because of weaknesses in the way the application maps the creation and processing of session tokens to individual users’ sessions themselves. The simplest weakness is to allow multiple valid tokens to be concurrently assigned to the same user account. In virtually every application, there is no legitimate … Read more
No matter how effective an application is at ensuring that the session tokens it generates do not contain any meaningful information and are not susceptible to analysis or prediction, its session mechanism will be wide open to attack if those tokens are not handled carefully after generation. For example, if tokens are disclosed to an … Read more
Some session tokens do not contain any meaningful data associating them with a particular user but are nevertheless guessable because they contain sequences or patterns that allow an attacker to extrapolate from a sample of tokens to find other valid tokens recently issued by the application. Even if the extrapolation involves an amount of trial … Read more
Implementing a secure authentication solution involves attempting to simultaneously meet several key security objectives, and in many cases trade off against other objectives such as functionality, usability, and total cost. In some cases “more” security can actually be counterproductive — for example, forcing users to set very long passwords and change them frequently will often … Read more
ActiveX controls are a much more heavyweight technology than Java applets. They are effectively native Win32 executables that, once accepted and installed by the user, execute with the full privileges of that user and can carry out arbitrary actions, including interacting with the operating system. ActiveX can be used to implement practically any client-side control, … Read more
Besides HTML forms, the other main method for capturing, validating, and submitting user data is to use a thick-client component. The technologies you are most likely to encounter here are Java applets, ActiveX controls, and Shockwave Flash objects. Thick-client components can capture data in various different ways, both via input forms and in some cases … Read more
The other principal way in which applications use client-side controls to restrict data submitted by clients occurs with data that was not originally specified by the server but was gathered on the client computer itself. HTML forms are the simplest and most common mechanism for capturing input from the user and submitting it to the … Read more