Ethical Hacking: Session Hijacking

Pluralsight

Course Summary

Session hijacking is considered one of the top two risks on the web today. Understanding how to detect it and identify risks in both your web applications and your network is absolutely critical. This course goes through the risks in depth and helps you to become an ethical hacker with a strong session hijacking understanding. This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking

+
Course Description

Session persistence is a fundamental concept in information systems. On the web, for example, which is dependent on the stateless HTTP protocol, session persistence is a key component of features ranging from shopping carts to the ability to logon. At a lower level on the network tier, the TCP protocol relies on sessions for communication between machines such as a client and a server. The confidentiality and integrity of this communication can be seriously impacted by a session hijacking attack. Learning how to identify these risks is an essential capability for the ethical hacker. Systems are frequently built insecurely and readily expose these flaws. Conversely, the risks are often easy to defend against by implementing simple patterns within the application. This course walks through both the risks and the defenses. This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking

Course Description

Session persistence is a fundamental concept in information systems. On the web, for example, which is dependent on the stateless HTTP protocol, session persistence is a key component of features ranging from shopping carts to the ability to logon. At a lower level on the network tier, the TCP protocol relies on sessions for communication between machines such as a client and a server. The confidentiality and integrity of this communication can be seriously impacted by a session hijacking attack. Learning how to identify these risks is an essential capability for the ethical hacker. Systems are frequently built insecurely and readily expose these flaws. Conversely, the risks are often easy to defend against by implementing simple patterns within the application. This course walks through both the risks and the defenses. This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking

+
Course Syllabus

Understanding Session Hijacking
- 18m 31s

—Overview 2m 27s
—What Is Session Hijacking? 1m 43s
—Types of Session Hijacking 2m 58s
—Attack Vectors 3m 40s
—The Impact of Session Hijacking 3m 26s
—Session Hijacking and the OWASP Top 10 2m 44s
—Summary 1m 30s

Session Persistence in Web Applications
- 31m 43s

—Overview 1m 44s
—The Stateless Nature of HTTP 2m 53s
—Persisting State Over HTTP 5m 45s
—Session Persistence in Cookies 8m 49s
—Session Persistence in the URL 6m 33s
—Session Persistence in Hidden Form Fields 3m 22s
—Summary 2m 36s

Hijacking Sessions in Web Applications
- 47m 18s

—Overview 2m 18s
—Hijacking Cookies with Cross Site Scripting 9m 50s
—Exposed Cookie Based Session IDs in Logs 3m 48s
—Exposed URL Based Session IDs in Logs 2m 51s
—Leaking URL Persisted Sessions in the Referrer 3m 56s
—Session Sniffing 5m 32s
—Session Fixation 6m 40s
—Brute Forcing Session IDs 4m 6s
—Session Donation 5m 10s
—Summary 3m 3s

Network and Client Level Session Hijacking
- 36m 53s

—Overview 3m 4s
—Understanding TCP 8m 59s
—Reviewing the Three-way Handshake in Wireshark 5m 22s
—Generation and Predictability of TCP Sequence Numbers 4m 30s
—Blind Hijacking 2m 28s
—Man in the Middle Session Sniffing 1m 57s
—IP Spoofing 1m 47s
—UDP Hijacking 2m 20s
—Man in the Browser Attacks 2m 47s
—Network Level Session Hijacking in the Wild 1m 27s
—Summary 2m 9s

Mitigating the Risk of Session Hijacking
- 45m 56s

—Overview 2m 13s
—Use Strong Session IDs 3m 18s
—Keep Session IDs Out of the URL 2m 39s
—Don’t Reuse Session ID for Auth 6m 34s
—Always Flag Session ID Cookies as HTTP Only 4m 3s
—Use Transport Layer Security 4m 42s
—Always Flag Session ID Cookies as Secure 5m 38s
—Session Expiration and Using Session Cookies 5m 58s
—Consider Disabling Sliding Sessions 3m 9s
—Encourage Users to Log Out 2m 29s
—Re-authenticate Before Key Actions 1m 53s
—Summary 3m 15s

Automating Session Hijack Attacks
- 27m 27s

—Overview 1m 59s
—Manipulating Session IDs with OWASP ZAP 5m 3s
—Testing Session Token Strength with Burp Suite 9m 47s
—Dynamic Analysis Testing with NetSparker 4m 38s
—Other Tools 3m 52s
—Summary 2m 5s

Course Fee:

USD 29

Course Type:	Self-Study
Course Status:	Active
Workload:	1 - 4 hours / week

This course is listed under Open Source , Development & Implementations , Data & Information Management , Networks & IT Infrastructure , Operating Systems , IT Security & Architecture , Telecommunications and Quality Assurance & Testing Community

Attended this course? Write a Review

Course Fee:

USD 29

Course Type:	Self-Study
Course Status:	Active
Workload:	1 - 4 hours / week

IT Career Development Platform

Ethical Hacking: Session Hijacking

Pluralsight

Course Summary

Course Description

Course Description

Course Syllabus

Course Type:

Course Status:

Workload:

Intrusion Detection System (IDS)

Uniform Resource Locator (URL)

Ethical Hacking

Testing

TCP (Transmission Control Protocol)

OWASP (Open Web Application Security Project)

COM+

Wireshark

User Datagram Protocol (UDP)

IP spoofing

Attended this course? Write a Review

Course Type:

Course Status:

Workload: