Weak website authentication and poor session management create several security issues. A session exists to maintain the user's identity across requests. If user credentials and session data are not protected at every step, an attacker can break that protection and obtain the user's details.
Here are the common loopholes an attacker can exploit on a website:
1. The password is not as strong as it should be. A password should contain a combination of capital letters, small letters, numbers and special characters.
2. The password should be stored in encrypted form rather than as plaintext.
3. The session id should not use a common or default name, and its value should be hard to guess.
4. The URL might contain the session id; this practice should be avoided.
5. A session timeout should be implemented to prevent session hijacking.
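The five points above are easier to apply with concrete code in hand. The following is an added example, not code from the original post: it uses only the Python standard library and shows, for each item, the check or mechanism a defender would implement. The cookie name `app_sid`, the idle timeout of 15 minutes, the PBKDF2 work factor and the `SessionStore` class are assumptions chosen for illustration; "stored in encrypted form" is implemented here the way production systems do it, as a salted, slow, one-way password hash, so the stored value cannot be turned back into the password even by the server.

```python
import hashlib
import hmac
import os
import re
import secrets
import time

# --- Item 1: password strength policy ---
def password_is_strong(password: str, min_length: int = 12) -> bool:
    """Require a minimum length plus upper, lower, digit and special-character classes."""
    if len(password) < min_length:
        return False
    required_classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return all(re.search(pattern, password) for pattern in required_classes)

# --- Item 2: never store the password itself; store a salted, slow, one-way hash ---
HASH_ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value; raise as hardware improves)

def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest (all hex)."""
    salt = os.urandom(16)  # fresh random salt per password defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, HASH_ITERATIONS)
    return f"pbkdf2_sha256${HASH_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest does not short-circuit, so timing does not reveal matching prefixes
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

# --- Items 3 and 5: unguessable session id, non-default cookie name, idle timeout ---
SESSION_COOKIE_NAME = "app_sid"   # assumed name; avoid framework defaults that advertise the stack
SESSION_IDLE_TIMEOUT = 15 * 60    # seconds of inactivity before the session is discarded (assumed)

class SessionStore:
    """In-memory session table; the clock is injectable so expiry can be tested."""

    def __init__(self, clock=time.time):
        self._sessions = {}
        self._clock = clock

    def create(self, user_id: str) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not guessable or sequential
        self._sessions[sid] = {"user": user_id, "last_seen": self._clock()}
        return sid

    def lookup(self, sid: str):
        """Return the user for a live session, or None if unknown or idle too long."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self._clock() - entry["last_seen"] > SESSION_IDLE_TIMEOUT:
            del self._sessions[sid]  # expired: a hijacked id stops working after the timeout
            return None
        entry["last_seen"] = self._clock()  # sliding window: activity extends the session
        return entry["user"]

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)

# --- Item 4: accept the session id only from the cookie, never from the URL ---
def session_id_from_request(cookies: dict, query_params: dict):
    """Refuse requests that carry the session id in the query string."""
    if SESSION_COOKIE_NAME in query_params:
        return None  # ids in URLs leak through logs, Referer headers and browser history
    return cookies.get(SESSION_COOKIE_NAME)

def set_cookie_header(sid: str) -> str:
    """Cookie attributes that keep the id away from scripts, plain HTTP and cross-site requests."""
    return f"{SESSION_COOKIE_NAME}={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
```

A typical flow is `hash_password` at registration, `verify_password` at login, then `SessionStore.create` and `set_cookie_header` to issue the session; each later request passes its cookies and query parameters through `session_id_from_request` and the result through `SessionStore.lookup`, which enforces the timeout from item 5 without any extra code in the handlers.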