Attacks Against Mishandling Of Tokens
In last post to session hacking series we saw how to attack weak token generation methods. In this post we will see how session tokens are mishandled and how they are attacked for mishandling. An important point that you must note that no matter how much secure coding you implement while creating session tokens if they are mishandled there's no way you can protect session from getting hacked. Next thing that you should keep in mind is that implementation of SSL doesn't guarantee 100% security against session hacking. Implementation of SSL helps in protecting tokens if implemented properly but honestly speaking there are many websites which does not really implement SSL properly thus leaving even SSL open to attack.
0 comments:
Post a Comment