Website Vulnerability to Session Fixation Attacks

Bhavna C.K. Nathani, Erwin Adi

Abstract


Session fixation is a vulnerability of web applications in which an attacker gains full control of a victim's web account without using the victim's credentials, such as a username and password. Existing defensive techniques and procedures are not completely effective against such attacks. The authors found that some 48% of Indonesian websites are vulnerable to such attacks because, contrary to best software engineering practices, many use the default session management IDs generated by their development platforms. This paper presents procedures for identifying vulnerable websites and the results of applying them.
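As an added illustration, not code from the paper, the following Python sketch models the behaviour the abstract describes: a session store that keeps the pre-login session ID after authentication lets a planted ID become an authenticated one, whereas a store that issues a new ID at login does not. The `SessionStore` class and the `session_id_changes_on_login` check are constructed for this example; the check is the kind of test an identification procedure would apply to a site.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store, constructed for illustration."""

    def __init__(self, regenerate_on_login: bool):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}  # session_id -> {"user": name or None}

    def start(self) -> str:
        """Issue a fresh, unauthenticated session (the ID a visitor holds before login)."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid: str, user: str) -> str:
        """Authenticate the session; return the ID the client must use afterwards."""
        if sid not in self.sessions:
            raise KeyError("unknown session")
        if not self.regenerate_on_login:
            # Vulnerable: the pre-login ID keeps working after authentication,
            # so whoever knew that ID beforehand now shares the logged-in session.
            self.sessions[sid]["user"] = user
            return sid
        # Hardened: retire the pre-login ID and bind the user to a new one,
        # so any ID known before authentication is worthless afterwards.
        del self.sessions[sid]
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = {"user": user}
        return new_sid

    def user_for(self, sid: str):
        entry = self.sessions.get(sid)
        return entry["user"] if entry else None


def session_id_changes_on_login(store: SessionStore) -> bool:
    """Classification check: does login invalidate the pre-login ID?
    A store for which this returns False is open to session fixation."""
    pre_login_id = store.start()
    post_login_id = store.login(pre_login_id, "alice")
    return post_login_id != pre_login_id and store.user_for(pre_login_id) is None


if __name__ == "__main__":
    for regen in (False, True):
        safe = session_id_changes_on_login(SessionStore(regenerate_on_login=regen))
        print(f"regenerate_on_login={regen}: {'safe' if safe else 'VULNERABLE'}")
```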

Keywords: web application security; session fixation; session hijacking


ISSN (Paper) 2224-5782, ISSN (Online) 2225-0506