SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
Internet users all over the world rely on web-based systems to manage sensitive data for them, such as bank account and healthcare information. Users assume that these systems are securely designed, but many web applications have severe security flaws that allow simple attacks to succeed. One of the most common vulnerabilities is insecure session management. Online systems have unique security considerations that must be addressed to maintain the security of the data they manage and control. This paper will start from the basics and define what session management is and how it works. Next, attacks on session management will be described, followed by methods to defeat these attacks. Finally, examples of session management security flaws in popular web applications will be presented to illustrate how session management can fail. Implementing good session management is possible using a holistic defense-in-depth approach. However, doing so requires proper education on the part of the design team and a commitment to developing the web application securely from the outset.