  • Post category: Blog
  • Post last modified: June 12, 2024

What is the best mitigation approach against session fixation attacks?

  • Ensure that the session ID uses at least 64 bits of characters.
  • Ensure that the session ID is used after a user completes authentication.
  • Ensure that the session ID is exchanged only through an encrypted channel.
  • Ensure that the session ID changes from the default session name used by the web application framework.

Explanation & Hint:

It is critical to encrypt an entire web session, not only for the authentication process of exchanging user credentials but also to ensure that the session ID is exchanged only through an encrypted channel. Using an encrypted communication channel also protects the session against some session fixation attacks, in which the attacker can intercept and manipulate the web traffic to inject (or fix) the session ID on the web browser used by the user.
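A practical way to check the point above is to audit the Set-Cookie headers an application emits: a session cookie without the Secure attribute is not confined to the encrypted channel, because the browser will also send it over plain HTTP. The audit below is an added example, not code from the quiz or its course; the session cookie names and the sample headers are constructed assumptions.

```python
"""Audit Set-Cookie headers so the session ID only travels over TLS.

Added example (not from the original page). Uses only the standard library.
"""
from http.cookies import SimpleCookie

# Cookie names that carry a session ID in common frameworks (assumption:
# extend this set for the application under review).
SESSION_COOKIE_NAMES = {"sessionid", "PHPSESSID", "JSESSIONID", "connect.sid", "session"}


def audit_set_cookie(header_value: str) -> list:
    """Return findings for one Set-Cookie header value (empty list = OK).

    Secure keeps the session ID off plaintext HTTP, HttpOnly keeps it away
    from page script, and SameSite limits cross-site submission.
    """
    cookie = SimpleCookie()
    cookie.load(header_value)
    findings = []
    for name, morsel in cookie.items():
        if name not in SESSION_COOKIE_NAMES:
            continue  # not a session cookie; nothing to enforce here
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure (session ID sent over HTTP too)")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly (readable by page script)")
        if morsel["samesite"].lower() not in ("lax", "strict"):
            findings.append(f"{name}: SameSite not Lax/Strict")
    return findings


def hardened_session_cookie(name: str, value: str) -> str:
    """Build a Set-Cookie value that passes audit_set_cookie()."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    cookie[name]["secure"] = True
    cookie[name]["httponly"] = True
    cookie[name]["samesite"] = "Strict"
    return cookie[name].OutputString()


# Constructed sample headers, as a server might emit them.
WEAK_HEADER = "sessionid=c0ffee; Path=/"
PARTIAL_HEADER = "sessionid=c0ffee; Path=/; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for hdr in (WEAK_HEADER, PARTIAL_HEADER, hardened_session_cookie("sessionid", "c0ffee")):
        print(hdr, "->", audit_set_cookie(hdr) or "OK")
```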

For more Questions and Answers:

6.13.3 Quiz – Performing Post-Exploitation Techniques Answers Full 100%
