Study research project about session cookies, SSL and session hijacking
Tuesday, January 13. 2009, 23:38
In the last weeks, I made a study research project at the EISS at the University of Karlsruhe. The subject was »Session Cookies and SSL«, investigating the problems that arise when trying to secure a web application with HTTPS and using session cookies.
I already wrote about this in the past, presenting vulnerabilities in various web applications.
One of the notable results is probably that ebay has just no measurements against those issues at all, so it's pretty trivial to hijack a session (and use that to do bids and even change the address of the hijacked account).
Download »Session Cookies and SSL« (PDF, 317 KB)
I already wrote about this in the past, presenting vulnerabilities in various web applications.
One of the notable results is probably that ebay has just no measurements against those issues at all, so it's pretty trivial to hijack a session (and use that to do bids and even change the address of the hijacked account).
Download »Session Cookies and SSL« (PDF, 317 KB)
(Page 1 of 1, totaling 1 entries)