With the business of ecommerce booming, more and more sensitive information is being passed around on the web. Financial and identity information is constantly at risk of being stolen as more users take advantage of the ease of doing business online through web applications. The purpose of this paper is to discuss one particularly salient security threat that this creates: session hijacking. It is important to understand this threat and to make an effort to design networks and applications that will be less vulnerable to it. Sensitive user information is stored within each session that is created upon client authentication, and hackers are willing to go to great lengths to steal it. 'Indeed in a study of 45 Web applications in production at client companies @Stake (recently acquired by Symantec) found that 31 percent of e-commerce applications were vulnerable to cookie manipulation and session hijacking.' [9] In this paper I will set the stage for session hijacking to occur, then discuss the techniques and mechanics of the act of session hijacking, and finally provide general strategies for its prevention.