Session management vulnerabilities in today's web

IEEE Security and Privacy

Volumn 8, Issue 5, 2010, Pages 48-56

  Visaggio, Corrado ^a   Blasio, Lorenzo Convertito ^b  

^a UNIVERSITY OF SANNIO   (Italy)

^b Progesi ^*  (Italy)

Author keywords

security and privacy; session management; Web application security

Indexed keywords

CYBER-ATTACKS; SECURITY AND PRIVACY; SENSITIVE DATAS; SESSION MANAGEMENT; WEB APPLICATION DESIGN; WEB APPLICATION SECURITY;

COMPUTER CRIME;

WORLD WIDE WEB;

EID: 77958136467     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2010.114     Document Type: Article

References (9)

1. Cenzic Web Application Security Trends Report-Q3-Q4, 2009, Cenzic, 2010.
2. C. Soghoian and S. Stamm, "Certified Lies: Detecting and Defeating Government Interception Attacks against SSL," Social Science Research Network, Apr. 2010; http://files.cloudprivacy.net/ssl-mitm.pdf.
3. "OWASP Top 10 2010 AppSecDC," Open Web Appli cation Security Project Foundation, Nov. 2009; www. owasp.org/index.php/OWASP-Top-10-2010-App SecDC.
4. D. Stuttard and M. Pinto, The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws, John Wiley & Sons, 2008.
5. C. Anley, "Weak Randomness: Part I-Linear Congru- ential Random Number Generators," Next Generation Security Software, 2007; www.ngssoftware.com/Librar- ies/Documents/02-07-Weak-Randomness.sfl b.ashx.
6. "Cross Site Scripting," Web Application Security Con- sortium, 2009; www.webappsec.org/projects/threat/ classes/cross-site-scripting.shtml.
7. M. Kolšek, "Session Fixation Vulnerability in Web- Based Applications," Acros Security, Dec. 2002; www. acrossecurity.com/papers/ session-fi xation.pdf.
8. "OWASP Testing Guide v3," Open Web Application Security Project Foundation, Nov. 2008; www.owasp. org/index.php/OWASP-Testing-Guide-v3-Table- of-Contents.
9. A. Kiezun et al., "Automatic Creation of SQL Injection and Cross-Site Scripting Attacks," Proc. 31st Int'l Conf. Software Eng., IEEE CS Press, 2009, pp. 199-209.