WebApp Sec mailing list archives
White paper: Authentication and Session Management on the Web
From: Paul Johnston <paul () westpoint ltd uk>
Date: Mon, 07 Feb 2005 12:39:19 +0000
Hi,

You may be interested in this paper I've written:
http://www.westpoint.ltd.uk/advisories/Paul_Johnston_GSEC.pdf

The first ten pages or so are probably less interesting to readers of this list, but the latter part covers in detail all the attacks such as session fixation, CSRF, etc.

Any constructive discussion is welcomed!

Paul

--
Paul Johnston, GSEC
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street, Manchester, M1 5LN England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk