SESSION Hijacking
HOW VULNERABLE IS MY WEB APPLICATION FROM A DEVELOPER’S ANGLE…

Dilan Warnakulasooriya, Information Security Engineer, 99X Technology
Asanka Fernandopulle, Senior Software Engineer, 99X Technology
Overview
• Many details about the session, including
  - Session.Id lifecycle
  - Session.Abandon
  - The session cookie
• Attacking the session
• Fixes

January 1, 2013   99X Technology (c)
ASP.NET Session Background
• When is Session.Id established?
• If ASP.NET receives any session Id, it will USE IT.
• Does Session.Abandon remove this cookie?
  - NO. Why?
    ○ This session could be shared across sites. Why?
• Session.IsNewSession is true when
  - ASP.NET has no record of the current session
  - The first request to a web server generally means IsNewSession = true
  - If a session Id is provided by the client, IsNewSession = true on the first request and false for subsequent requests.
• Session cookies are HttpOnly
  - Which means JavaScript cannot read the session cookies, but it can still SET the cookie
ASP.NET Session Background: DEMO
The client wants a NEW Session Id of 12345678? No problem.

Cookie sent to server: SessionId = 12345678
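The server-side answer to this demo, as an added example that is not part of the slides: a custom session id manager that generates its own ids and rejects any id that does not look like one of its own, so a client-chosen "12345678" is thrown away and a server-generated id is issued instead. The class name, namespace and assembly name (Demo.StrictSessionIdManager, Demo) are assumptions; the web.config registration in the comment uses the real sessionIDManagerType attribute.

```csharp
// Added example (not from the slides): strict session id generation and
// validation for classic ASP.NET (System.Web). Register it in web.config:
//   <sessionState cookieless="UseCookies"
//                 sessionIDManagerType="Demo.StrictSessionIdManager, Demo" />
// Names under "Demo" are hypothetical.
using System;
using System.Security.Cryptography;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.SessionState;

namespace Demo
{
    public class StrictSessionIdManager : SessionIDManager
    {
        // 32 random bytes = 256 bits of entropy, rendered as 64 lowercase hex
        // characters (well under SessionIDManager.SessionIDMaxLength of 80).
        private const int IdBytes = 32;
        private static readonly Regex IdShape =
            new Regex("^[0-9a-f]{64}$", RegexOptions.Compiled);

        // Called when ASP.NET needs a brand-new id for a session it creates.
        public override string CreateSessionID(HttpContext context)
        {
            var bytes = new byte[IdBytes];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(bytes);
            }
            return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
        }

        // Called for every id read from the incoming cookie. Returning false
        // makes the session state module treat the request as if it carried no
        // id at all: a fresh session with a server-generated id is created and
        // the client's value ("12345678" in the demo) is never adopted.
        public override bool Validate(string id)
        {
            return id != null && IdShape.IsMatch(id);
        }
    }
}
```

Two points worth knowing before deploying this. As the prevention slide notes, the manager runs for every request in integrated pipeline mode, images included, so Validate must stay as cheap as this regular-expression check. And it only defeats ids that do not match the server's own format; an attacker who first obtains a well-formed id from the server and then plants that one is not stopped here, which is why the login-time session regeneration recommended later in the deck is still required.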
How can sessions be attacked?
• Session Ids can be attacked
  - Network traffic can be sniffed
  - Man-in-the-middle attack (easy to test via proxy configuration)
• Session Fixation Demo
Preventing session attacks
• Force SSL for the entire site
• Ensure authentication and session timeouts are in sync!
  - The session could time out before the forms auth ticket does, allowing the session to be taken over
• Remove the session cookie and kill the session upon logout AND page load
  - Session.Abandon(); // Expires the session
  - Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddYears(-30);
• Avoid cookieless sessions (where the Id is on the URL)
• EXTRA EXTRA secure… (kind of an advanced topic)
  - Create your own Session Id Provider to generate and validate ids.
  - Note these are called for EVERY request (images, etc.) in Integrated Pipeline Mode
  - Store the Session Id in the Auth cookie
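The logout and login steps from this slide carried through in code, as an added example that is not part of the slides. Login discards whatever session the client arrived with (data and cookie, so a fixed id is never carried into the authenticated session) and issues a forms ticket whose UserData holds the literal "unbound", meaning no session id has been attached to it yet; a per-request guard can then bind the server-generated id to the ticket on the next request. Logout kills the session and expires both cookies, as the slide prescribes. The class name AuthSession, the marker string and the method names are assumptions; every System.Web and FormsAuthentication call is the real API.

```csharp
// Added example (not from the slides): login/logout helpers for a classic
// ASP.NET (System.Web) site using forms authentication and cookie sessions.
// "AuthSession" and the "unbound" marker are hypothetical names.
using System;
using System.Web;
using System.Web.Security;

namespace Demo
{
    public static class AuthSession
    {
        // ASP.NET's default cookie name; must match <sessionState cookieName> if changed.
        public const string SessionCookieName = "ASP.NET_SessionId";
        // Placed in the ticket's UserData until a session id has been bound to it.
        public const string UnboundMarker = "unbound";

        // Call only after the login page has verified the credentials.
        public static void Login(HttpContext ctx, string userName, string returnUrl)
        {
            // 1. Drop the pre-authentication session entirely: server-side data
            //    via Abandon (which, as the slides note, leaves the cookie alone)
            //    and the cookie itself. The id the client presented before login
            //    therefore never becomes an authenticated session.
            ctx.Session.Abandon();
            ExpireCookie(ctx, SessionCookieName);

            // 2. Build the forms ticket ourselves so we control UserData.
            //    FormsAuthentication.Timeout is the <forms timeout> value (.NET 4+).
            var ticket = new FormsAuthenticationTicket(
                1, userName, DateTime.Now, DateTime.Now.Add(FormsAuthentication.Timeout),
                false, UnboundMarker, FormsAuthentication.FormsCookiePath);
            ctx.Response.Cookies.Set(new HttpCookie(
                FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
            {
                HttpOnly = true,
                Secure = FormsAuthentication.RequireSSL,
                Path = FormsAuthentication.FormsCookiePath
            });

            // 3. Redirect: the next request arrives without a session cookie, so
            //    ASP.NET generates a fresh id of its own for the authenticated user.
            ctx.Response.Redirect(LocalOrDefault(returnUrl), false);
            ctx.ApplicationInstance.CompleteRequest();
        }

        public static void Logout(HttpContext ctx)
        {
            FormsAuthentication.SignOut();         // expires the forms auth cookie
            ctx.Session.Abandon();                 // removes the server-side session
            ExpireCookie(ctx, SessionCookieName);  // Abandon leaves the cookie; expire it too
            ctx.Response.Redirect(FormsAuthentication.LoginUrl, false);
            ctx.ApplicationInstance.CompleteRequest();
        }

        // Same technique as the slide: an expiry date far in the past deletes the cookie.
        private static void ExpireCookie(HttpContext ctx, string name)
        {
            ctx.Response.Cookies.Set(new HttpCookie(name, string.Empty)
            {
                Expires = DateTime.Now.AddYears(-30),
                HttpOnly = true,
                Secure = FormsAuthentication.RequireSSL,
                Path = "/"
            });
        }

        // Only follow local paths after login; anything else goes to the default page.
        private static string LocalOrDefault(string returnUrl)
        {
            bool isLocal = !string.IsNullOrEmpty(returnUrl)
                           && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//");
            return isLocal ? returnUrl : FormsAuthentication.DefaultUrl;
        }
    }
}
```

The configuration half of the slide belongs in web.config rather than code: `<forms requireSSL="true" timeout="20" />` together with `<httpCookies httpOnlyCookies="true" requireSSL="true" />` forces the site onto SSL and keeps both cookies off plain HTTP, `<sessionState cookieless="UseCookies" timeout="20" />` avoids URL-carried ids and keeps the session timeout equal to the forms timeout, and the Secure flag set above follows FormsAuthentication.RequireSSL so the code and the configuration cannot drift apart.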
Session timeouts / Forms Auth timeouts
• Scenario
  - Session timeout 20 minutes, forms auth timeout 20 minutes
  - The session can also expire when the app pool resets, while the forms auth token is still valid

Minutes                                 Session timeout   Forms Auth Token Expires
12:02                                   12:22             Still 12:20
12:04                                   12:24             Still 12:20
12:06                                   12:26             Still 12:20
12:15                                   12:35             12:35
12:30 App pool shuts down, reset, etc.  NO SESSION        12:35

(The session timeout slides on every request, whereas forms authentication only renews a sliding ticket once more than half of its lifetime has elapsed, which is why the ticket stays at 12:20 until the 12:15 request.)
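The "store the Session Id in the Auth cookie" advice from the prevention slide and the fix for the timeout scenario above, combined in one added example that is not part of the slides: a per-request guard in Global.asax.cs binds the forms ticket to the session on the first authenticated request and, on every later request, forces a new login whenever the session has no record of the user or carries a different id than the ticket. A still-valid ticket that arrives at 12:30 with a session ASP.NET no longer has (timed out, app pool recycled) is therefore treated as a lost session rather than as a login. It assumes the login code issued the ticket with the literal "unbound" in UserData and discarded the pre-login session; the marker, the session key "AuthUser" and the one-minute bind window are assumptions.

```csharp
// Added example (not from the slides): Global.asax.cs guard tying the forms
// authentication ticket to the ASP.NET session. The "unbound" marker, the
// "AuthUser" session key and the bind window are hypothetical choices.
using System;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    private const string UnboundMarker = "unbound";   // set in ticket.UserData at login (assumption)
    private const string SessionUserKey = "AuthUser";
    private static readonly TimeSpan BindWindow = TimeSpan.FromMinutes(1);

    protected void Session_Start(object sender, EventArgs e)
    {
        // Storing anything pins the id: until a session holds data, ASP.NET
        // hands out a new id on every request.
        Session["Created"] = DateTime.UtcNow;
    }

    // Session state is available from PostAcquireRequestState onwards.
    protected void Application_PostAcquireRequestState(object sender, EventArgs e)
    {
        // Handlers without session state (static files) have no Session object.
        if (Context.Session == null || !Request.IsAuthenticated)
        {
            return;
        }
        var identity = Context.User.Identity as FormsIdentity;
        if (identity == null)
        {
            return;
        }
        FormsAuthenticationTicket ticket = identity.Ticket;

        if (ticket.UserData == UnboundMarker)
        {
            // First request after login: the id is server-generated because login
            // discarded the old one. Bind exactly once, and only while fresh, so a
            // replayed unbound ticket cannot be attached to a different session later.
            if (DateTime.Now - ticket.IssueDate > BindWindow)
            {
                Reject();
                return;
            }
            Session[SessionUserKey] = ticket.Name;
            ReissueTicket(ticket, Session.SessionID);
            return;
        }

        // Every later request: the session must still exist, belong to the same
        // user, and carry the id recorded in the ticket. After a session timeout
        // or app pool reset the session is new and empty, so the user check fails
        // even though ASP.NET reused the id from the cookie.
        string sessionUser = Session[SessionUserKey] as string;
        bool sessionLost = !string.Equals(sessionUser, ticket.Name, StringComparison.Ordinal);
        bool idMismatch = !string.Equals(ticket.UserData, Session.SessionID, StringComparison.Ordinal);
        if (sessionLost || idMismatch)
        {
            Reject();
        }
    }

    // Re-issue the ticket with the session id in UserData; sliding renewal by the
    // forms module keeps UserData, so the binding survives later renewals.
    private void ReissueTicket(FormsAuthenticationTicket old, string sessionId)
    {
        var bound = new FormsAuthenticationTicket(
            old.Version, old.Name, old.IssueDate, old.Expiration, old.IsPersistent,
            sessionId, old.CookiePath);
        Response.Cookies.Set(new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(bound))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = old.CookiePath
        });
    }

    // Ticket and session disagree: drop both and send the user back to the login page.
    private void Reject()
    {
        FormsAuthentication.SignOut();
        Session.Abandon();
        FormsAuthentication.RedirectToLoginPage();
        CompleteRequest();
    }
}
```

With this in place the timeout mismatch in the table stops mattering: whether the session is lost at 12:22 or at the 12:30 app pool reset, the first request that presents the still-valid ticket finds no "AuthUser" in the (new, empty) session and is sent to the login page instead of being treated as the original user.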
