A User-Level Authentication Scheme to Mitigate Web Session-Based Vulnerabilities


After the initial login, web browsers authenticate to web applications by sending the session credentials with every request. Several attacks exist which exploit conceptual deficiencies of this scheme, e.g. Cross-Site Request Forgery, Session Hijacking, Session Fixation, and Clickjacking. We analyze these attacks and identify their common root causes in the…
DOI: 10.1007/978-3-642-32287-7_2

