Chapter 7 Phase3: Gaining Access Using Application and Operating System Attacks

Web Application Session Tracking

¨Most Web application generate a session ID to track the user’s session.

¨Session ID is passed back and forth across the HTTP or HTTPS connection when client browses web pages, enters data into forms, or conducting transactions

¨Session ID allows the Web application to maintain the state of a session with a user

¨Session ID is independent of the SSL connection

¨Session ID is Application-level data