As mentioned previously, I’m doing an online training course – Web Application Penetration Testing – from eLearnSecurity.

Module 6 – Session Security & Attacks

Module 6 covers the use of the Session Identifier, various methods of Session Hijacking, and how it can be prevented.

It covers the following:

  • Weaknesses of the Session Identifier
  • Session Hijacking via XSS
  • Session Hijacking through Packet Sniffing
  • Session Hijacking through access to Web Server
  • Session Fixation attack
  • Cross Site Request Forgeries (aka CSRF and XSRF)
  • Preventing CSRF