Skip to main content

Hijack session Part 1(why session and how many ways to maintain)

As we discussed that if we want to track user related information or action performed by user we need to maintain session. There are several ways to maintain session as follows.
  1. Saving data in Cookies
  2. Saving data in hidden field 
  3. Session management
  4. URL rewriting 
let's have a look one by one each of these ways.

 1. Cookies 

 Cookie is  a small piece of data sent from website to the client. Containing information like session id, user id etc. 

Cookie is a small piece of data sent from a website and stored in the user's browser 

how you can check cookies related data in your computer system 
if you are a windows user then w

Cookie is a small piece of data sent from a website and stored in the user's web browser while the user is browsing it. Every time the user loads the website, the browser sends the cookie back to the server to notify the user's previous activity.[1] Cookies were designed to be a reliable mechanism for websites to remember state-full information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging, in or recording which pages were visited in the past). Cookies can also store passwords and form content a user has previously entered, such as a credit card number or an address.

Comments

Post a Comment

Popular posts from this blog

First Step towards security (SQL Injection)

SQL Injection  SQL injection is the way by which attacker try to hack your data using interface provided by your application. See following example where attacker going to access your application. suppose following interface our application having to login. If we are having following authentication checks then your application definitely  going to be hack easily. conn = connectionPool.getConnection(); String sql = "select USER_ID from USER_INFO where USER_NAME =  ' " + request.getParameter("userName") + " ' AND PASSWORD = ' " +  request.getParameter("pass") +" ' "; Statement stmt = conn.createStatement(); ResultSet rs = stmt.executeQuery(sql); return rs.next(); Now see how hacker will be going to get access your application  he will use common name in user name like 'admin' , 'super' etc.  and password anything with some code  User name = admin ' or 'a' =...
1 comment
Read more

Security Vulnerabilities in a software.

There are many type of security vulnerability may exist in your software application. You just need to start to know, how many type of security related risk may exist in your applications. Common practice is in development is that we try to find very simplest way to get our problem resolved. But we forget about security related aspects. So this is the time to learn how should we write our code and what we need to avoid to use in our code. We are going yo start with top 10 vulnerabilities which every programmer should know.  Top 10 Vulnerabilities by OWASP (Open Web Application Security Project) Let’s talk about these vulnerabilities one by one: What is SQL Injection and how it works SQL Injection means attacker sends simple text based attacks that exploit the syntax of the targeted interpreter. SQL injections are introduced when software developers write dynamic query that includes user supplied inputs. 1. Application presents a form to the...
Post a Comment
Read more