SESSION Hijacking

HOW VULNERABLE IS MY WEB APPLICATION FROM A DEVELOPER’S ANGLE…

Dilan Warnakulasooriya, Information Security Engineer, 99X Technology
Asanka Fernandopulle, Senior Software Engineer, 99X Technology

Overview
     Many details about the session, including
        Session.Id lifecycle
        Session.Abandon
        The session cookie
     Attacking the session
     Fixes




January 1, 2013                 99X Technology(c)   2

ASP.NET Session Background
     Session.Id is established when?
     If ASP.NET receives any session Id, it will USE IT.
     Does Session.Abandon remove this cookie?
        NO – Why?
         ○ This session could be shared across sites. Why?

     Session.IsNewSession is true when
        ASP.NET has no record of the current session
        First new request to a web server generally means IsNewSession = true
        If a session Id is provided by the client, IsNewSession = true on the first request, false for subsequent requests.
     Session cookies are HttpOnly
        Which means JavaScript cannot read the session cookies, but it can still SET the cookie

ASP.NET Session Background

     DEMO



The client wants a NEW Session Id of 12345678? No Problem

     Cookie sent to server
        SessionId = 12345678




How can sessions be attacked?
     Session Ids can be attacked
        Network traffic can be sniffed
        Man-in-the-middle attack (easy to test via proxy configuration)

     Session Fixation Demo




Preventing session attacks
     Force SSL for the entire site
     Ensure authentication and session timeouts are in sync!
        Session could time out before forms auth timeout, thus allowing takeover of session
     Remove the session cookie and kill the session upon logout AND page load
        Session.Abandon(); // Expires the session
        Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddYears(-30);
     Avoid cookieless sessions (where Id is on the URL)
     EXTRA EXTRA secure… (Kind of Advanced Topic)
        Create your own Session Id Provider to generate and validate ids.
        Note these are called for EVERY request (images, etc…) in Integrated Pipeline Mode
        Store Session Id in Auth cookie
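
Added example (not from the original slides): one way to implement the logout/login-page cleanup and the "Store Session Id in Auth cookie" item in C#. The class and method names (SessionHardening, KillSession, SignIn, SignOut) are hypothetical; it assumes Forms Authentication, cookie-based session state and the default ASP.NET_SessionId cookie name.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example; SessionHardening and its method names are hypothetical.
public static class SessionHardening
{
    // Default cookie name; change it if <sessionState cookieName="..."> is configured.
    private const string SessionCookieName = "ASP.NET_SessionId";

    // Call on logout and on every GET of the login page, so an id that was
    // planted in the browser before the login page loaded is discarded.
    public static void KillSession(HttpContext ctx)
    {
        ctx.Session.Clear();
        ctx.Session.Abandon(); // session data is dropped at the end of this request

        // Session.Abandon() leaves the cookie in the browser, so overwrite it
        // with an already-expired one.
        var expired = new HttpCookie(SessionCookieName, string.Empty)
        {
            Expires = DateTime.UtcNow.AddYears(-30),
            HttpOnly = true,
            Path = "/"
        };
        ctx.Response.Cookies.Add(expired);
    }

    // Call only after the credentials have been verified. The current session id
    // is stored inside the encrypted forms-auth ticket.
    public static void SignIn(HttpContext ctx, string userName)
    {
        // Writing to the session makes ASP.NET keep this id and issue its cookie.
        ctx.Session["AuthenticatedAt"] = DateTime.UtcNow;

        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1,                                   // ticket version
            userName,
            now,                                 // issue date
            now.Add(FormsAuthentication.Timeout),
            false,                               // not persistent across browser restarts
            ctx.Session.SessionID,               // userData: the session this ticket belongs to
            FormsAuthentication.FormsCookiePath);

        var authCookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        ctx.Response.Cookies.Add(authCookie);
    }

    // Logout: expire the forms-auth cookie, then the session and its cookie.
    public static void SignOut(HttpContext ctx)
    {
        FormsAuthentication.SignOut();
        KillSession(ctx);
    }
}
```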




Session timeouts/Forms Auth timeouts
    Scenario
       Session timeout 20 minutes, forms auth timeout 20 minutes
       The session can also expire when the app pool resets; the forms auth token is still valid

       Minutes                                  Session timeout    Forms Auth Token Expires
       12:02                                    12:22              Still 12:20
       12:04                                    12:24              Still 12:20
       12:06                                    12:26              Still 12:20
       12:15                                    12:35              12:35
       12:30 App pool shuts down, reset, etc    NO SESSION         12:35
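
Added example (not from the original slides): a Global.asax check for the 12:30 row of the table, where the forms auth token is still valid but the session is gone. It assumes the login code wrote to the session and stored Session.SessionID in the ticket's UserData; the handler body is illustrative.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example. Assumes the login code put Session.SessionID into the
// forms-auth ticket's UserData and stored at least one value in the session.
public class Global : HttpApplication
{
    // Runs once session state has been loaded for the request. In Integrated
    // Pipeline Mode this fires for every request, so the early exits are cheap.
    protected void Application_PostAcquireRequestState(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx.Session == null) return;            // handler without session state (images, etc.)
        if (!ctx.Request.IsAuthenticated) return;   // anonymous request, nothing to reconcile

        var identity = ctx.User.Identity as FormsIdentity;
        if (identity == null) return;               // not a forms-auth principal

        // Sliding forms-auth tickets are only re-issued once more than half of the
        // timeout has elapsed, which is why the table shows "Still 12:20" while the
        // session timeout moves on every request. The two clocks drift apart, so the
        // ticket alone cannot be trusted to mean "this user still has a session".

        // 12:30 row: the ticket is valid, but ASP.NET has no record of the session.
        // The browser still sends the old id and ASP.NET reuses it, so comparing ids
        // alone would not notice; IsNewSession does.
        bool sessionLost = ctx.Session.IsNewSession;

        // The ticket was issued for a different session id than the one presented.
        bool idMismatch = !string.Equals(
            identity.Ticket.UserData, ctx.Session.SessionID, StringComparison.Ordinal);

        if (!sessionLost && !idMismatch) return;

        // Drop both halves of the login state and force re-authentication.
        FormsAuthentication.SignOut();
        ctx.Session.Abandon();
        ctx.Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", string.Empty)
        {
            Expires = DateTime.UtcNow.AddYears(-30),
            HttpOnly = true
        });

        // RedirectToLoginPage does not end the request, so stop the pipeline explicitly.
        FormsAuthentication.RedirectToLoginPage();
        ctx.ApplicationInstance.CompleteRequest();
    }
}
```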


