Posts

Showing posts from August, 2015

Security breaches on Web Application

Basically, there are several types of security breaches on web applications:

1. Session Fixation
2. CSRF
3. Click Jacking

Session Fixation

Session fixation, by most definitions, is a subclass of session hijacking. The most common basic flow is:

Step 1. Attacker gets a valid session ID from an application
Step 2. Attacker forces the victim to use that same session ID
Step 3. Attacker now knows the session ID that the victim is using and can gain access to the victim's account

Step 2, which requires forcing the session ID on the victim, is the only real work the attacker needs to do. Even this step is often performed by simply sending the victim a link to a website with the session ID attached to the URL.

We need to make sure about

Fortunately, resolving session fixation is usually fairly simple. The basic advice is: Invalidate the user session once a successful login has occurred. The usual ...

Gradle vs Maven

Gradle vs Maven vs Ant

A simple snippet on Maven and Gradle as well.