Slideshow: Five common Web application vulnerabilities and mitigations

Web application session management issues, and how to avoid a hijacking

4 of 6
[Image: two hands on a keyboard, one in a black leather glove. Source: Thinkstock]

Web application session management is another critical area that developers often overlook. HTTP is stateless: it has no built-in notion of a logged-in user or of a sequence of related requests, so the application itself must authenticate the user once and then tie every later request to that identity, usually through a session identifier carried in a cookie. To the application, whoever presents a valid session identifier is that user. Attackers can hijack active sessions unless credentials and session identifiers travel only over TLS, the identifiers are generated from a cryptographically strong random source with enough entropy to resist guessing, and the cookies that carry them are marked Secure and HttpOnly and kept out of URLs, referrers and logs.

Such session management vulnerabilities can be discovered through both code review and penetration testing, with particular attention to how session identifiers are generated, transmitted, rotated and expired, and to the flows that change a user's credentials (password change, password reset, e-mail address change). Concrete checks: the session identifier must be regenerated on login and on any change of privilege, so that a value fixed or observed beforehand is worthless afterwards; logout must invalidate the session on the server, not merely delete the cookie; and every session needs both an idle timeout and an absolute lifetime. To combat Web application session management issues, account management functions and high-value transactions should require re-authentication, with two-factor authentication being a good option for those steps, so that a hijacked session on its own is not enough to change a password or move money.
