[nycphp-talk] sessions and application security
Mark Armendariz
nyphp at enobrev.com
Tue Jan 27 19:18:07 EST 2004
> likely), and then you learn that everyone's session data is
> being compromised by way of browser vulnerabilities (see

> Oops! People are still having their cookies compromised, so
> attackers are using the stolen session identifiers to
> impersonate users on your site.

> attackers are now using session fixation attacks to cause
> unknowing users to pass a session identifier of the
> attacker's choosing

I've been searching for a good list of potential security hazards via HTTP /
browsers. Something like a good reference list to base web application
security decisions on (Chris, you always tend to be a fountain of knowledge
on the subject). Any books / sites you could recommend?