cookie poisoning

On the Web, cookie poisoning is the modification of a cookie (personal information in a Web user's computer) by an attacker to gain unauthorized information about the user for purposes such as identity theft. The attacker may use the information to open new accounts or to gain access to the user's existing accounts.

Cookies stored on your computer's hard drive maintain bits of information that allow Web sites you visit to authenticate your identity, speed up your transactions, monitor your behavior, and personalize their presentations for you. However, cookies can also be read by people who are not authorized to access them. Unless security measures are in place, an attacker can examine a cookie to determine its purpose and edit it so that it helps them get user information from the Web site that sent the cookie.

To guard against cookie poisoning, Web sites that use cookies should protect them (through encryption, for example) before they are sent to a user's computer. Ingrian Networks' Active Application Security platform is one means of securing cookies. When cookies pass through the platform, sensitive information is encrypted. A digital signature is created that is used to validate the content in all future communications between the sender and the recipient. If the content is tampered with, the signature will no longer match the content, and the server will refuse access.

This was first published in June 2007
