cookie poisoning

Cookies stored on your computer's hard drive maintain bits of information that allow Web sites you visit to authenticate your identity, speed up your transactions, monitor your behavior, and personalize their presentations for you. However, cookies can also be accessed by persons unauthorized to do so. Unless security measures are in place, an attacker can examine a cookie to determine its purpose and edit it so that it helps them get user information from the Web site that sent the cookie.

To guard against cookie poisoning, Web sites that use them should protect cookies (through encryption, for example) before they are sent to a user's computer. Ingrian Networks' Active Application Security platform is one means of securing cookies. When cookies pass through the platform, sensitive information is encrypted. A digital signature is created that is used to validate the content in all future communications between the sender and the recipient. If the content is tampered with, the signature will no longer match the content and will be refused access by the server.

Read more about cookie poisoning: - Internet.com has an article, "Ingrian Protects Against 'Cookie Poisoning.'" - Jeremy Wolff has a presentation about security that discusses cookie poisoning. - SearchSecurity.com offers "Best Web Links for Common Vulnerabilities and Prevention Tips."

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security data lapses hamper researchers Accurate information on attacks and data breaches could boost research and drive innovation. Data breaches caused by employee errors, process failures A study released by Verizon Business investigative unit found that employee errors are a contributing factor in nearly all data breaches. Data breach laws have no effect on prevention, researchers say Researchers at Carnegie Mellon University say there is no evidence that breach notification laws prevent identity theft, but they may have other...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself... CISP-PCI  (SearchFinancialSecurity.com) CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit...