List:       vulnwatch
Subject:    [VulnWatch] Brute-Forcing Web Application Session IDs
From:       David Endler <DEndler () iDefense ! com>
Date:       2001-11-07 14:57:32


Hello,

iDEFENSE Labs has released a paper today entitled "Brute-Force Exploitation
of Web Application Session IDs."  It covers the basics of brute-forcing web
applications through guessing or reverse engineering state session IDs which
are often used for authentication purposes.  Several examples are shown
using some familiar web sites and applications on how stealing or mimicking
a legitimate user's credentials is possible.  All relevant vendors and site
administrators were informed responsibly before publication.

The paper is available at the top of http://www.idefense.com/papers.html

David Endler
Director, iDEFENSE Labs
dendler@idefense.com
www.idefense.com
