Session Hijacking Flashcards

1
Q

What is Session Hijacking?

A
  • attacker gains unauthorized access to a user’s session in a web application
  • session hijacking attacks target web applications that use sessions to maintain a user’s authentication state
2
Q

What can an attacker do by hijacking a session?

A

the attacker can impersonate the user and potentially perform actions on their behalf

3
Q

What are the consequences of session hijacking?

A
  • Unauthorized Access
    • attackers can gain access to sensitive information, perform actions on behalf of the user, or manipulate account settings
  • Data Theft
    • confidential data, such as personal information or financial details, can be compromised
  • Account Compromise
    • attackers can hijack sessions to take control of user accounts, potentially leading to identity theft or further attacks
4
Q

What protections and mitigations exist against session hijacking?

A
  • Secure Session Management
    • secure session token generation, random session IDs, and secure session storage
  • Transport Layer Security (TLS)
  • Session Expiry and Invalidation
  • Session Regeneration
  • User Authentication Measures
  • Security Audits and Logging
5
Q

What is the attack process of session hijacking?

A
  1. when the user authenticates or establishes a session, the server assigns a session identifier (session ID) to the user’s session and stores it on the client side (in a cookie or URL parameter) or on the server side
  2. the attacker intercepts the session ID through techniques like packet sniffing, man-in-the-middle attacks, or cross-site scripting (XSS) vulnerabilities
  3. with the stolen session ID, the attacker can impersonate the user by using it in subsequent requests, effectively taking over their session
6
Q

What is included in secure session management?

A
  • secure session token generation
  • random session IDs
  • secure session storage
7
Q

To provide secure session management that prevents hijacking of the sessions tied to the cookies an application relies on, what should be implemented?

A

setting the Secure cookie attribute only allows the cookie to be sent over HTTPS (TLS) sessions, preventing man-in-the-middle attacks that target cookies
