cookie poisoning
SearchSecurity.com Definitions (Powered by WhatIs.com)


DEFINITION - On the Web, cookie poisoning is the modification of a cookie (personal information in a Web user's computer) by an attacker to gain unauthorized information about the user for purposes such as identity theft. The attacker may use the information to open new accounts or to gain access to the user's existing accounts.

Cookies stored on your computer's hard drive maintain bits of information that allow Web sites you visit to authenticate your identity, speed up your transactions, monitor your behavior, and personalize their presentations for you. However, cookies can also be accessed by unauthorized persons. Unless security measures are in place, an attacker can examine a cookie to determine its purpose and edit it so that it helps them get user information from the Web site that sent the cookie.

To guard against cookie poisoning, Web sites that use cookies should protect them (through encryption, for example) before they are sent to a user's computer. Ingrian Networks' Active Application Security platform is one means of securing cookies. When cookies pass through the platform, sensitive information is encrypted. A digital signature is created that is used to validate the content in all future communications between the sender and the recipient. If the content is tampered with, the signature will no longer match the content and the tampered cookie will be refused access by the server.
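The integrity check described above, as an added example that is not from the original definition and is not Ingrian's code: the server attaches an HMAC-SHA256 tag (a keyed MAC standing in for the signature the paragraph mentions) and refuses any cookie whose tag no longer matches. Encryption of the value is left out; the key handling, cookie name, sample value and function names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

# Assumption: a secret known only to the server. Generated per process here;
# a real deployment would load it from a secret store and rotate it.
SERVER_KEY = secrets.token_bytes(32)


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def tag_for(name: str, payload: bytes, key: bytes) -> bytes:
    # The cookie name is bound into the tag so a valid value cannot be
    # replayed under a different cookie name.
    return hmac.new(key, name.encode("utf-8") + b"\x00" + payload, hashlib.sha256).digest()


def sign_cookie(name: str, value: str, key: bytes = SERVER_KEY) -> str:
    """Return 'payload.tag', the string the server sends to the browser."""
    payload = value.encode("utf-8")
    return f"{b64e(payload)}.{b64e(tag_for(name, payload, key))}"


def verify_cookie(name: str, cookie: str, key: bytes = SERVER_KEY):
    """Return the original value, or None if the cookie is altered or malformed."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
    except (ValueError, TypeError):
        return None
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, tag_for(name, payload, key)):
        return None
    return payload.decode("utf-8")


def demo():
    issued = sign_cookie("session", "uid=1042;role=user")  # constructed sample
    # A cookie edited on the client keeps the old tag, so it no longer verifies.
    edited = b64e(b"uid=1042;role=admin") + "." + issued.split(".")[1]
    return verify_cookie("session", issued), verify_cookie("session", edited)
```

The tag only detects modification; the value is still readable by whoever holds the cookie, which is why the paragraph pairs the signature with encryption of sensitive fields.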

LAST UPDATED: 05 Jun 2007

Read more about cookie poisoning:
- Internet.com has an article, "Ingrian Protects Against 'Cookie Poisoning.'"
- Jeremy Wolff has a presentation about security that discusses cookie poisoning.
- SearchSecurity.com offers "Best Web Links for Common Vulnerabilities and Prevention Tips."

