Security Paper: Session Fixation Vulnerability in Web-based Applications

From: Mitja Kolsek (ACROS Lists) (listsat_private)
Date: Wed Dec 18 2002 - 06:01:25 PST

Next message: Mitja Kolsek \(ACROS Lists\): "[VulnWatch] Security Paper: Session Fixation Vulnerability in Web-based Applications"

Previous message: Marc Ruef: "Missing admin sql password in Okena StormWatch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ACROS Security is pleased to announce the publication of a security paper
about a new class of attacks on web-based applications that we named
"session fixation" attacks. The paper is available at

	[ http://www.acros.si/papers/session_fixation.pdf ]

and could be useful to all web applications developers and security
analysts. We will appreciate any feedback you might provide.

Mitja Kolsek

ACROS, d.o.o.
Stantetova 4, SI - 2000 Maribor, Slovenia
web: http://www.acros.si
e-mail: mitja.kolsekat_private

Next message: Mitja Kolsek \(ACROS Lists\): "[VulnWatch] Security Paper: Session Fixation Vulnerability in Web-based Applications"
Previous message: Marc Ruef: "Missing admin sql password in Okena StormWatch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 11:32:16 PST