Chapter 7 Phase3: Gaining Access Using Application and Operating System Attacks

Attacking Session Tracking Mechanisms

¨Attacker changes his session ID to a value assigned to another user

–Application thinks that attacker is the other user

–