Building Zero-Day Self-Defending Web Applications: Enforcing Authoritative Action To Stop Session Attacks

No ratings

Presented at Blackhat Europe 2005 by

Arian Evans

Web applications today suffer from state issues, weak session handling, and lack of stateful authorization. Many of the issues are well known, but the techniques for building secure applications are still relatively ignored. This is due to lack of documentation and awareness of the threats and attack methods; that landscape is rapidly changing.