Abstract
Session fixation is a technique for obtaining the visitor's session identifier (SID) by forcing the visitor to use the SID supplied by the attacker. The attacker who obtains the victim's SID can masquerade as the visitor. In this paper, we propose a technique to automatically detect session fixation vulnerabilities in web applications. Our technique uses attack simulator that executes a real session fixation attack and check whether it is successful or not. In the experiment, our system successfully detected vulnerabilities in our original test cases and in a real world web application.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 19th International Conference on World Wide Web, WWW '10 |
| Pages | 1191-1192 |
| Number of pages | 2 |
| DOIs | |
| Publication status | Published - 2010 Jul 20 |
| Event | 19th International World Wide Web Conference, WWW2010 - Raleigh, NC, United States Duration: 2010 Apr 26 → 2010 Apr 30 |
Publication series
| Name | Proceedings of the 19th International Conference on World Wide Web, WWW '10 |
|---|
Other
| Other | 19th International World Wide Web Conference, WWW2010 |
|---|---|
| Country | United States |
| City | Raleigh, NC |
| Period | 10/4/26 → 10/4/30 |
Keywords
- session fixation
- web application security
ASJC Scopus subject areas
- Computer Networks and Communications
- Computer Science Applications
Fingerprint Dive into the research topics of 'Automated detection of session fixation vulnerabilities'. Together they form a unique fingerprint.
Cite this
Takamatsu, Y., Kosuga, Y., & Kono, K. (2010). Automated detection of session fixation vulnerabilities. In Proceedings of the 19th International Conference on World Wide Web, WWW '10 (pp. 1191-1192). (Proceedings of the 19th International Conference on World Wide Web, WWW '10). https://doi.org/10.1145/1772690.1772869