Statements (19)
Predicate | Object |
---|---|
gptkbp:instanceOf |
Web security vulnerability
|
gptkbp:affects |
Web applications
|
gptkbp:cause |
Session hijacking
|
gptkbp:documentedIn |
gptkb:OWASP_Top_Ten
|
gptkbp:exploits |
Attackers
Predictable session IDs Session IDs in hidden form fields URL-based session IDs Weak session management |
gptkbp:firstDescribed |
2001
|
https://www.w3.org/2000/01/rdf-schema#label |
Session fixation
|
gptkbp:involves |
Fixing a user's session ID before authentication
|
gptkbp:mitigatedBy |
Regenerating session ID after login
Setting HttpOnly and Secure flags Using secure cookies |
gptkbp:relatedTo |
Session management
|
gptkbp:bfsParent |
gptkb:Spring_Security
gptkb:Identification_and_Authentication_Failures |
gptkbp:bfsLayer |
6
|