AppSec Blog: Daily Archives: Jun 14, 2009

Session Attacks and ASP.NET - Part 1

I've spent some time recently looking for updated information regarding session attacks as they apply to ASP.NET and am still not completely satisfied with how Microsoft has decided to implement session management in ASP.NET 2.0+ (haven't looked at 4.0 beta yet). Before illustrating how a specific attack works with some specific countermeasures for ASP.NET (in … Continue reading Session Attacks and ASP.NET - Part 1