Attack Types to Be Aware Of
No chapter would be complete without a few threats to scare you. In this case, there are two worth paying particular attention to: session hijacking and header manipulation. Each is discussed in the sections that follow.
Session Hijacking
The term session hijacking is used when the item used to validate a user’s session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party. To use an overly simplistic analogy, imagine that you just finished a long cell phone conversation with a family member and then accidentally left your cell phone in the room while stepping outside. If I were to pick up that phone and press redial, the family ...
Get CompTIA® Security+™: Study Guide, Fifth Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.