Ethical Hacking: Session Hijacking
Pluralsight is not an official partner or accredited training center of EC-Council. This course goes through the risks of session hijacking in depth and helps you become an ethical hacker with a strong understanding of session hijacking.
What you'll learn
Session persistence is a fundamental concept in information systems. On the web, for example, which is dependent on the stateless HTTP protocol, session persistence is a key component of features ranging from shopping carts to the ability to log on. At a lower level on the network tier, the TCP protocol relies on sessions for communication between machines such as a client and a server. The confidentiality and integrity of this communication can be seriously impacted by a session hijacking attack. Learning how to identify these risks is an essential capability for the ethical hacker. Systems are frequently built insecurely and readily expose these flaws. Conversely, the risks are often easy to defend against by implementing simple patterns within the application. This course walks through both the risks and the defenses. This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking
Table of contents
- Overview 3m
- Understanding TCP 9m
- Reviewing the Three-way Handshake in Wireshark 5m
- Generation and Predictability of TCP Sequence Numbers 5m
- Blind Hijacking 2m
- Man in the Middle Session Sniffing 2m
- IP Spoofing 2m
- UDP Hijacking 2m
- Man in the Browser Attacks 3m
- Network Level Session Hijacking in the Wild 1m
- Summary 2m
- Overview 2m
- Use Strong Session IDs 3m
- Keep Session IDs Out of the URL 3m
- Don’t Reuse Session ID for Auth 7m
- Always Flag Session ID Cookies as HTTP Only 4m
- Use Transport Layer Security 5m
- Always Flag Session ID Cookies as Secure 6m
- Session Expiration and Using Session Cookies 6m
- Consider Disabling Sliding Sessions 3m
- Encourage Users to Log Out 2m
- Re-authenticate Before Key Actions 2m
- Summary 3m