Poorly implemented session management can allow an attacker to exploit poor controls and gain access to sensitive information. In Web Application Penetration Testing: Session Management Testing, you'll learn how to find those vulnerabilities before the bad guys do. First, you'll explore cookies, what to look for during a pen-test, and how you can brute force your way past the login prompt. Next, you'll learn how easy it can be to hijack someone else's session with session fixation. Finally, you'll discover what session puzzling is and how to leverage it as an attacker. When you're finished with this course, you'll have a solid understanding of what to look for while penetration testing session management.
- Testing for Bypassing Session Management Schema
- Testing for Cookie Attributes
- Testing for Session Fixation
- Testing for Exposed Session Variables
- Testing for Cross-site Request Forgery
- Testing for Logout Functionality
- Testing Session Timeout
- Testing Session Puzzling
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.