An attacker connects to a website and then repeatedly sends requests to it to keep the session active and to track the status of the session. The attacker then sends spam to users of the website with a link that contains the pre-established session ID. When a user clicks on the link and logs in to the website, the change in session status is used to trigger a script that uses the now-authenticated session to perform malicious actions under the user's account. This exploit depends on ...
session fixation
XSS
failure to use a nonce
unencrypted communication (failure to use SSL)
Session fixation is an attack that permits an attacker to hijack a valid user session. The attack exploits a limitation in the way the vulnerable web application manages the session ID: when authenticating a user, it does not assign a new session ID, so a session ID that already exists (and is known to the attacker) remains valid after login. Regenerating the session ID on authentication prevents the attack.