How-To - Perform Session Riding Test

Session riding is about forcing an unwitting user to execute unwanted actions on a web application in which he is currently authenticated. The way this is accomplished relies on the following facts:

  • web browser behavior regarding the handling of session-related information such as cookies and HTTP authentication information: the browser attaches it to every request for the site, whichever page triggered the request;
  • knowledge of valid web application URLs on the side of the attacker;
  • application session management relying only on information which is known by the browser;
  • existence of HTML tags whose presence causes immediate access to an http[s] resource; one such tag is the image tag img.
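As an added example (not part of the original how-to), the following defender-side check shows what breaks the third precondition above: it demands something the browser cannot supply on its own (an HMAC-bound anti-CSRF token), refuses state changes over GET (the method an img tag always uses), and checks the request origin. SITE_ORIGIN, TOKEN_KEY, the Request type and the sample requests are all constructed for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical site origin and server-side key (constructed, not from the page).
SITE_ORIGIN = "https://app.example"
TOKEN_KEY = b"server-side secret; rotate and keep out of the browser"

@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

def csrf_token_for(session_id: str) -> str:
    # Token bound to the session via HMAC: the browser holds the cookie but
    # cannot derive this value, so a forged request cannot carry it.
    return hmac.new(TOKEN_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_site(url: str) -> bool:
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN

def request_allowed(req: Request) -> tuple[bool, str]:
    # Defender-side gate for a state-changing endpoint.
    if "session" not in req.cookies:
        return False, "no session"
    if req.method == "GET":
        # img and other auto-loading tags always issue GETs; never change state on GET.
        return False, "state change over GET"
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not same_site(origin):
        return False, "cross-site origin"
    expected = csrf_token_for(req.cookies["session"])
    if not hmac.compare_digest(expected, req.form.get("csrf_token", "")):
        return False, "missing or wrong csrf token"
    return True, "ok"

# Constructed sample traffic: the request an img tag on a third-party page
# would trigger (cookie sent automatically, no token) and a genuine form POST.
SESSION = "sess-12345"
IMG_TAG_REQUEST = Request("GET", "/account/update", cookies={"session": SESSION},
                          headers={"Referer": "https://third-party.example/"})
LEGIT_POST = Request("POST", "/account/update", cookies={"session": SESSION},
                     headers={"Origin": SITE_ORIGIN},
                     form={"csrf_token": csrf_token_for(SESSION)})
```

Running request_allowed over the two samples rejects the img-triggered GET and accepts the same-site POST carrying the session-bound token; a cross-site POST that carries only the cookie is rejected on origin, and a same-site POST without the token is rejected on the token check.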
