Web Application Session Auditing Part 1: Intro

Web application session handling is one of the most difficult things to do right. As we move more and more towards standard web frameworks (Django, Rails, etc.) to handle the basic functionality of a custom web application, this becomes a smaller issue. Unfortunately, there are engineers and developers who insist on going it alone in this realm. There are also legacy applications that require backward compatibility, and then there are just plain old out-of-date applications that are still served publicly.

Web Application Session Auditing Part 2: Recon

One of the best things you can do is take time to understand how the authentication system works on your target site. How is the session stored? In a cookie? In the URL? What happens when you fuzz or substitute random values for the session ID value? How does the application react in different scenarios? That's what we're going to talk about in depth, with some actual steps on how to find out.

