AppSec Blog: Daily Archives: Jun 24, 2009

Session Attacks and ASP.NET - Part 2

In Session Attacks and ASP.NET - Part 1, I introduced one type of attack against the session, called Session Fixation, as well as ASP.NET's session architecture and authentication architecture. In this post, I'll delve into a couple of specific attack scenarios and cover risk reduction and countermeasures.

Attack Scenario: ASP.NET Session with Forms Authentication

So understanding the …