Automated detection of session fixation vulnerabilities

Yusuke Takamatsu, Yuji Kosuga, Kenji Kono

Research output: Conference contribution

5 Citations (Scopus)

Abstract

Session fixation is a technique for obtaining the visitor's session identifier (SID) by forcing the visitor to use the SID supplied by the attacker. The attacker who obtains the victim's SID can masquerade as the visitor. In this paper, we propose a technique to automatically detect session fixation vulnerabilities in web applications. Our technique uses an attack simulator that executes a real session fixation attack and checks whether it is successful or not. In the experiment, our system successfully detected vulnerabilities in our original test cases and in a real-world web application.

Original language: English
Title of host publication: Proceedings of the 19th International Conference on World Wide Web, WWW '10
Pages: 1191-1192
Number of pages: 2
DOI: https://doi.org/10.1145/1772690.1772869
Publication status: Published - 2010/7/20
Event: 19th International World Wide Web Conference, WWW2010 - Raleigh, NC, United States
Duration: 2010/4/26 to 2010/4/30

Publication series

Name: Proceedings of the 19th International Conference on World Wide Web, WWW '10

Other

Other: 19th International World Wide Web Conference, WWW2010
Country: United States
City: Raleigh, NC
Period: 10/4/26 to 10/4/30

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications

Cite this

Takamatsu, Y., Kosuga, Y., & Kono, K. (2010). Automated detection of session fixation vulnerabilities. In Proceedings of the 19th International Conference on World Wide Web, WWW '10 (pp. 1191-1192). (Proceedings of the 19th International Conference on World Wide Web, WWW '10). https://doi.org/10.1145/1772690.1772869