From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)


Session hijacking

- [Instructor] Cookies are often used for web application authentication. After a user logs into a system, the web server provides a cookie so that the user doesn't need to continuously log into the system every time he or she requests a new webpage. Presenting the cookie with each request causes the web server to reference the earlier successful login. One major flaw with some web applications is that they don't use random cookies. Instead, they use a guessable value. Let's go ahead and take a look at an example. We'll turn to the WebGoat application security demonstration tool in the ZAP web proxy. This time, we're using a simple web application that asks for a username and a password, and has a login button. I have two accounts that I know exist on this server, and I'm going to go ahead and start the ZAP application proxy, and tell it to intercept the login request. I go back to the application. The first time, I'll log…
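The flaw the instructor describes is a session cookie built from a predictable value. The following is an added example, not code from the course, WebGoat or ZAP: it places a deliberately guessable, counter-based session identifier beside one drawn from the operating system's CSPRNG, and adds a small audit check a defender can run over identifiers a server has issued to flag an arithmetic sequence. The `SESSIONID=` prefix, the function names and the sample counter range are assumptions chosen for the illustration.

```python
"""Session identifiers: a guessable scheme beside a random one, plus an
audit check that flags sequentially issued values (added example)."""
import re
import secrets
from typing import List, Optional

# Cookie name is an assumption for this example, not taken from WebGoat.
COOKIE_NAME = "SESSIONID"


def weak_session_id(counter: int) -> str:
    """Guessable scheme, shown only for contrast: a zero-padded counter.
    Anyone who sees one value can derive neighbouring ones."""
    return f"{COOKIE_NAME}={counter:08d}"


def secure_session_id(num_bytes: int = 32) -> str:
    """Random scheme: num_bytes (default 32, i.e. 256 bits) from the OS
    CSPRNG via the secrets module, URL-safe base64 encoded."""
    return f"{COOKIE_NAME}={secrets.token_urlsafe(num_bytes)}"


def _numeric_value(session_id: str) -> Optional[int]:
    """Return the cookie value as an int if it is purely numeric, else None."""
    value = session_id.split("=", 1)[-1]
    return int(value) if re.fullmatch(r"\d+", value) else None


def looks_sequential(session_ids: List[str]) -> bool:
    """Audit check: True when three or more consecutively issued identifiers
    are all numeric and differ by the same non-zero step. Random identifiers
    fail the numeric test immediately and are reported as not sequential."""
    values = [_numeric_value(s) for s in session_ids]
    if len(values) < 3 or any(v is None for v in values):
        return False
    steps = {b - a for a, b in zip(values, values[1:])}
    return len(steps) == 1 and 0 not in steps


def audit_generator(session_ids: List[str]) -> dict:
    """Summarise an issued batch: uniqueness, length, and sequential pattern."""
    return {
        "issued": len(session_ids),
        "unique": len(set(session_ids)),
        "min_value_length": min(len(s.split("=", 1)[-1]) for s in session_ids),
        "sequential": looks_sequential(session_ids),
    }


if __name__ == "__main__":
    # Constructed sample batches: ten IDs from each scheme.
    weak_batch = [weak_session_id(i) for i in range(1000, 1010)]
    strong_batch = [secure_session_id() for _ in range(10)]
    print("weak  :", audit_generator(weak_batch))
    print("strong:", audit_generator(strong_batch))
```

The audit is intentionally narrow: it catches the counter pattern the course is about, not every weak scheme (a timestamp or an encoded username would pass `looks_sequential` yet still be guessable), so treat a negative result as "no sequential pattern found" rather than proof that the identifiers are random. The fix on the server side is the second generator: an identifier with at least 128 bits from a CSPRNG, which `secrets.token_urlsafe` provides.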
