Slideshow: Five common Web application vulnerabilities and mitigations


Web application session management issues, and how to avoid a hijacking


Web application session management is another critical area that developers often overlook. HTTP is stateless: it has no built-in mechanism for authenticating a user or for tying a series of requests to that user, so the Web application must implement both itself. Unless user credentials and session identifiers are protected by properly implemented encryption, attackers can capture them and hijack active sessions.

Such session management vulnerabilities can be discovered through both code reviews and penetration tests; particular attention should be paid to how session identifiers are handled and to the methods used for changing users' credentials. To combat Web application session management issues, account management functions and transactions should require re-authentication, and two-factor authentication is a good option to enable for high-value transactions.
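As an added example (not code from the slideshow), a small Python session manager that shows the two mitigations above together: an unguessable session identifier that is sent only in a Secure, HttpOnly, SameSite cookie, and a freshness check that forces re-authentication before account-management functions run. The in-memory store, the method names and the 300-second re-authentication window are assumptions chosen for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

# Assumed policy: a credential check older than this is not fresh enough
# for account-management functions (password change, e-mail change, payout).
REAUTH_MAX_AGE = 300  # seconds


class SessionManager:
    """Minimal server-side session store (in memory, illustration only)."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user": str, "auth_at": float}

    def login(self, user, now=None):
        """Create a session keyed by a 256-bit identifier from the CSPRNG."""
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "auth_at": now}
        return sid

    def reauthenticate(self, sid, now=None):
        """Record a fresh credential or second-factor check for this session."""
        now = time.time() if now is None else now
        self._sessions[sid]["auth_at"] = now

    def user_for(self, sid):
        entry = self._sessions.get(sid)
        return entry["user"] if entry else None

    def can_perform_sensitive_action(self, sid, now=None):
        """Account-management functions require a recent re-authentication."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        return entry is not None and now - entry["auth_at"] <= REAUTH_MAX_AGE

    def logout(self, sid):
        """Invalidate server side; clearing the cookie alone is not enough."""
        self._sessions.pop(sid, None)


def session_cookie_header(sid):
    """Set-Cookie value: TLS only, hidden from scripts, not sent cross-site."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True
    cookie["sid"]["httponly"] = True
    cookie["sid"]["samesite"] = "Strict"
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()
```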
