Slideshow: Five common Web application vulnerabilities and mitigations

4/6

Web application session management issues, and how to avoid a hijacking

Source: Thinkstock

Web application session management is another critical area that developers often overlook. HTTP is stateless: it has no built-in mechanism for authenticating users or linking one request to the next, so Web applications must handle these tasks themselves. Attackers can hijack active sessions unless user credentials and session identifiers are protected by properly implemented encryption.

Such session management vulnerabilities can be discovered through both code reviews and penetration tests, with particular attention paid to how session identifiers are handled and to the methods used for changing users' credentials. To combat Web application session management issues, account management functions and transactions should require re-authentication, and two-factor authentication is a good option to enable for high-value transactions.
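The controls described above, as an added example written for this slide rather than code from the original article: unguessable session identifiers issued fresh at login, a cookie that is only ever sent over an encrypted connection, a recent password check required for an account management function, and a recent second factor required for a high-value transaction. The store, the 300-second freshness window and the 1000 threshold are constructed assumptions, not values from the article.

```python
import secrets
import time

SESSION_ID_BYTES = 32        # 256 bits from the OS CSPRNG: identifiers must be unguessable
REAUTH_WINDOW = 300          # seconds a password or 2FA check stays fresh (assumed value)
HIGH_VALUE_THRESHOLD = 1000  # amount above which a second factor is required (assumed value)

def session_cookie(sid):
    """Set-Cookie value: sent only over HTTPS, unreadable by scripts, never cross-site."""
    return f"sid={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"

class SessionStore:
    """In-memory store (constructed example); the clock is injectable for testing."""
    def __init__(self, now=time.time):
        self._now, self._sessions = now, {}

    def login(self, user):
        # Called only after the password was verified. A fresh identifier on every login
        # means one that existed before authentication is never upgraded to a session.
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self._sessions[sid] = {"user": user, "auth_at": self._now(), "mfa_at": None}
        return sid

    def reauthenticate(self, sid, password_ok):    # password re-checked: refresh auth_at
        return self._stamp(sid, "auth_at", password_ok)
    def confirm_second_factor(self, sid, code_ok):  # 2FA code verified: refresh mfa_at
        return self._stamp(sid, "mfa_at", code_ok)

    def change_email(self, sid, new_email):
        # Account management function: needs a valid session AND a recent password check.
        s = self._sessions.get(sid)
        if s is None or not self._fresh(s["auth_at"]):
            raise PermissionError("valid session and recent re-authentication required")
        return {"user": s["user"], "email": new_email}

    def transfer(self, sid, amount):
        # High-value transaction: additionally needs a recent second-factor check.
        s = self._sessions.get(sid)
        if s is None:
            raise PermissionError("no valid session")
        if amount > HIGH_VALUE_THRESHOLD and not self._fresh(s["mfa_at"]):
            raise PermissionError("second factor required")
        return {"user": s["user"], "amount": amount}

    def _stamp(self, sid, key, ok):
        if sid not in self._sessions or not ok:
            return False
        self._sessions[sid][key] = self._now()
        return True

    def _fresh(self, ts):
        return ts is not None and self._now() - ts <= REAUTH_WINDOW
```

In a real deployment the store would live server-side (database or cache) and logout would delete the entry there, so that a stolen identifier stops working as soon as the user signs out.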
