Session based Attacks

From the Defcon conference, I found these solutions for session attacks.

• Prevent XSS
• Use a different SID generation method
• IP Address check implemented with SID generation and
• Use hash of IP as part of SID generation
• Authentication takes place by regenerating SID and comparing

It may not give us foolproof security, but we can make some modifications to it to achieve our goal against session attacks, such as a pool of algorithms for generating the SID + hash of token ID + hash/encrypted algorithm code, etc.

What is your opinion about this solution?
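The IP-bound SID check from the list above, sketched as an added example that is not part of the original post or the Defcon material. The use of HMAC-SHA256, the server-side key, the SID layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: one secret per deployment, kept server-side only.
SERVER_KEY = secrets.token_bytes(32)


def _ip_hash(client_ip: str) -> str:
    """Hash of the client IP, used as one input to SID generation."""
    return hashlib.sha256(client_ip.encode()).hexdigest()


def _tag(nonce: str, client_ip: str, key: bytes) -> str:
    """Keyed digest over the random nonce and the hashed IP."""
    msg = f"{nonce}|{_ip_hash(client_ip)}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_sid(client_ip: str, key: bytes = SERVER_KEY) -> str:
    """Create a SID of the form <nonce>.<tag>, bound to the client IP."""
    nonce = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
    return f"{nonce}.{_tag(nonce, client_ip, key)}"


def verify_sid(sid: str, client_ip: str, key: bytes = SERVER_KEY) -> bool:
    """Regenerate the tag for the IP seen on this request and compare."""
    try:
        nonce, tag = sid.split(".")
    except ValueError:
        return False  # malformed: not exactly two parts
    if len(nonce) != 32 or any(c not in "0123456789abcdef" for c in nonce):
        return False  # nonce is not the 32 hex characters we issue
    expected = _tag(nonce, client_ip, key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(tag.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    sid = issue_sid("203.0.113.7")
    print("same IP:     ", verify_sid(sid, "203.0.113.7"))
    print("different IP:", verify_sid(sid, "198.51.100.9"))
```

Binding to the IP rejects legitimate users whose address changes mid-session and does not distinguish clients behind one shared NAT address, so it works as an additional check next to the XSS prevention listed first.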


2 Responses to Session based Attacks

  1. Nice work, Waqas. Is our current solution enough, or do we need more improvements?
