Kateryna Ovechenko

Security of user sessions in web-applications: practical examples

"86% of all websites had at least one serious vulnerability" WhiteHat Security

Application vulnerabilities related to session management take 2nd place in the TOP 10 vulnerability list.

By exploiting vulnerabilities in the session management mechanism, an attacker can compromise passwords or session tokens, or exploit other implementation flaws to impersonate another user.

During this master-class we are going to:

- investigate in detail the web session and its attributes

- try out the most well-known session vulnerabilities on live examples

- provide recommendations on how to prevent session vulnerabilities

- analyze several tools useful for security testing of sessions in web applications

The following vulnerabilities will be analyzed: Session fixation, Session hijacking, Cross-Site Request Forgery, Phishing.

This training will acquaint you with the basics of web sessions and how they should be tested from a security perspective, and give you the core knowledge to start testing your own web application.

Audience level
Workshop (1h 30 min)

