Session Attacks + Cookie Stealing and Manipulation + Insecure Direct Object References

4 Terms

1

Session attacks

Session hijacking attacks take a different approach by stealing an existing authenticated session.

2

Cookie manipulation

Once the attacker has the cookie, they may perform ____ to alter the details sent back to the website or simply use the cookie as the badge required to gain access to the site. This is known as a session replay attack.

3

NTLM pass-the-hash attack

The ____ is another form of replay attack that takes place against the operating system rather than a web application. The attacker begins by gaining access to a Windows system and then harvests stored NTLM password hashes from that system. They can then attempt to use these hashes to gain user or administrator access to that system or other systems in the same Active Directory domain.

4

Insecure Direct Object References

If the application does not perform authorization checks, the user may be permitted to view information that exceeds their authority. This situation is known as ____.