WebApp Sec mailing list archives
RE: How can i protect against session hijacking?
From: "Martin O'Neal" <martin.oneal () corsaire com>
Date: Thu, 2 Apr 2009 07:02:04 +0100
Try installing a Web Application Firewall (WAF) that prevents attacks like this, there are several on the market...
LOL; this I want to hear. Explain how a WAF addresses: "If an attacker gets hold of the end user's cookies (through XSS and so forth), how can you actually prevent session hijacking?"

Oh, and just to be specific, in this scenario the relevant bit is the session hijacking; the cookies and session ID are already lost via some mechanism (which isn't of interest).

Martin...