Podchaser Logo
Home
Exploring Information Security - Exploring Information SecurityEpisode from the podcastExploring Information Security - Exploring Information Security
Next Episode
What is Session Hijacking?

What is Session Hijacking?

Released Tuesday, 4th June 2024
Good episode? Give it some love!
What is Session Hijacking?

What is Session Hijacking?

What is Session Hijacking?

What is Session Hijacking?

Tuesday, 4th June 2024
Good episode? Give it some love!
Rate Episode
About
InsightsPodchaser Pro
Reviews
Credits
Lists
Transcript

Summary:

In this informative episode, Timothy De Block discusses session hijacking with Web Application Security Engineer and PractiSec Founder Tim Tomes. The discussion delves into the intricacies of session hijacking, exploring its mechanics, vulnerabilities, and prevention strategies.

Tim’s website: https://www.lanmaster53.com/

You can reach out to Tim for Training, Consulting, Coaching, Remediation Support, and DevSecOps.

Episode Highlights:

Understanding Session Hijacking:

Tim Tomes clarifies the common misconceptions about session hijacking, emphasizing its relation to temporary credentials rather than sessions alone.

The conversation covers the technical aspects, including how sessions and tokens are hijacked, and the role of cookies in managing temporary credentials.

Technical Mechanisms and Vulnerabilities:

Detailed explanation of how session hijacking occurs, focusing on temporary credential management and the vulnerabilities that allow hijackers to exploit these credentials.

Prevention and Security Best Practices:

Strategies to prevent session hijacking, such as secure management of tokens and sessions, are discussed.

Importance of using flags like HTTPOnly and Secure to protect data transmitted in cookies.

Common Tools and Exploitation Techniques:

Tim Tomes discusses common tools like Burp Suite and its Collaborator tool for detecting and exploiting session hijacking vulnerabilities.

Real-world Application and Examples:

Practical insights into how session hijacking is executed in the real world, including Tim’s personal experiences and how these vulnerabilities are identified during security assessments.

Key Quotes:

"Session hijacking is not just about stealing sessions; it's about exploiting the temporary credentials that represent a user." - Tim Tomes

"Protecting applications from session hijacking involves understanding the application's handling of temporary credentials and implementing robust security measures." - Tim Tomes

Recommended Resources:

OWASP Guide on Session Management

Web Security Academy by PortSwigger

Show More
Rate
Get this podcast via API

From The Podcast

Exploring Information Security - Exploring Information Security

1
The Exploring Information Security podcast interviews a different professional each week exploring topics, ideas, and disciplines within information security. Prepare to learn, explore, and grow your security mindset.

Join Podchaser to...

  • Rate podcasts and episodes
  • Follow podcasts and creators
  • Create podcast and episode lists
  • & much more

Episode Tags

Do you host or manage this podcast?
Claim and edit this page to your liking.
,

Unlock more with Podchaser Pro

  • Audience Insights
  • Contact Information
  • Demographics
  • Charts
  • Sponsor History
  • and More!
Pro Features
Podchaser Logo

Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More