This resource is no longer available

Three Application Threats You Can't Afford to Ignore: Part 3 -- Session Hijacking

Session hijacking is an attack on a user session over a protected network. The most common method of session hijacking is called IP spoofing: an attacker uses source-routed IP packets to insert commands into an active communication between two nodes on a network, disguising itself as one of the authenticated users. This type of attack is possible because authentication is typically performed only at the start of a TCP session. Another type of session hijacking is known as a man-in-the-middle attack, where the attacker, using a sniffer, observes the communication between devices and collects the data that is transmitted.

It's virtually impossible to build a foolproof defense against attacks that rely on stolen session ID cookies, but you can take steps to make it harder. In this session, those involved in the development lifecycle will learn what those steps are and which mechanisms should be put in place to protect against session hijacking.


Caleb Sima, Co-Founder, Chief Technology Officer, Director of SPI Labs, S.P.I. Dynamics Inc.

Caleb Sima is the co-founder and chief technology officer of SPI Dynamics. Caleb is responsible for directing the lifecycle of the company's Web application security solutions and is the director of SPI Labs, the application security research and development group within SPI Dynamics. Here, he leads a team of accomplished security experts who have received worldwide recognition for the identification of security vulnerabilities and exploits.
Dec 6, 2006, 09:00 EST (14:00 GMT)