Specialized Testing: Sessions and Tokens
Most web applications use sessions or tokens to maintain state or to implement authentication – and many can be attacked there. This course will teach you how to test for these kinds of vulnerabilities.
What you'll learn
Sessions and tokens are often a weak spot in web applications when it comes to security. In this course, Specialized Testing: Sessions and Tokens, you’ll learn to audit an application for vulnerabilities in this area. First, you’ll explore the mechanics of sessions and tokens. Next, you’ll discover different ways to exploit session vulnerabilities. Finally, you’ll learn how to exploit token vulnerabilities. When you’re finished with this course, you’ll have the skills and knowledge of testing for session and token vulnerabilities in web applications needed to audit a web application.
Table of contents
About the author
Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an... more