Update Session_Management_Cheat_Sheet.md inclusive/neutral terminology (#1586)

Updated wording to use inclusive/neutral terminology.
ff00ff-security authored Jan 20, 2025
1 parent e73df46 commit c9ee615
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion cheatsheets/Session_Management_Cheat_Sheet.md
Expand Up @@ -358,7 +358,7 @@ Web applications should focus on detecting anomalies associated to the session I

With the goal of detecting (and, in some scenarios, protecting against) user misbehaviors and session hijacking, it is highly recommended to bind the session ID to other user or client properties, such as the client IP address, User-Agent, or client-based digital certificate. If the web application detects any change or anomaly between these different properties in the middle of an established session, this is a very good indicator of session manipulation and hijacking attempts, and this simple fact can be used to alert and/or terminate the suspicious session.

Although these properties cannot be used by web applications to trustingly defend against session attacks, they significantly increase the web application detection (and protection) capabilities. However, a skilled attacker can bypass these controls by reusing the same IP address assigned to the victim user by sharing the same network (very common in NAT environments, like Wi-Fi hotspots) or by using the same outbound web proxy (very common in corporate environments), or by manually modifying his User-Agent to look exactly as the victim users does.
Although these properties cannot be used by web applications to trustingly defend against session attacks, they significantly increase the web application detection (and protection) capabilities. However, a skilled attacker can bypass these controls by reusing the same IP address assigned to the victim user by sharing the same network (very common in NAT environments, like Wi-Fi hotspots) or by using the same outbound web proxy (very common in corporate environments), or by manually modifying the User-Agent to look exactly as the victim users does.

### Logging Sessions Life Cycle: Monitoring Creation, Usage, and Destruction of Session IDs
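Review bot: the new line still carries the grammatical error at the end of the sentence, "to look exactly as the victim users does"; since this sentence is the one being edited, fix it in the same change so the added line ends "...or by manually modifying the User-Agent to look exactly like the victim user's." While touching it, "cannot be used by web applications to trustingly defend against session attacks" would read better as "cannot be used by web applications to reliably defend against session attacks". The terminology change itself ("his User-Agent" to "the User-Agent") is correct and complete for this hunk.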

