Removed at the request of the copyright holder
  • Lesson 1. 00:02:28
    Overview
  • Lesson 2. 00:01:44
    What Is Session Hijacking?
  • Lesson 3. 00:02:59
    Types of Session Hijacking
  • Lesson 4. 00:03:41
    Attack Vectors
  • Lesson 5. 00:03:27
    The Impact of Session Hijacking
  • Lesson 6. 00:02:45
    Session Hijacking and the OWASP Top 10
  • Lesson 7. 00:01:31
    Summary
  • Lesson 8. 00:01:44
    Overview
  • Lesson 9. 00:02:53
    The Stateless Nature of HTTP
  • Lesson 10. 00:05:46
    Persisting State Over HTTP
  • Lesson 11. 00:08:50
    Session Persistence in Cookies
  • Lesson 12. 00:06:34
    Session Persistence in the URL
  • Lesson 13. 00:03:22
    Session Persistence in Hidden Form Fields
  • Lesson 14. 00:02:37
    Summary
  • Lesson 15. 00:02:19
    Overview
  • Lesson 16. 00:09:51
    Hijacking Cookies with Cross Site Scripting
  • Lesson 17. 00:03:48
    Exposed Cookie Based Session IDs in Logs
  • Lesson 18. 00:02:52
    Exposed URL Based Session IDs in Logs
  • Lesson 19. 00:03:57
    Leaking URL Persisted Sessions in the Referrer
  • Lesson 20. 00:05:33
    Session Sniffing
  • Lesson 21. 00:06:41
    Session Fixation
  • Lesson 22. 00:04:06
    Brute Forcing Session IDs
  • Lesson 23. 00:05:11
    Session Donation
  • Lesson 24. 00:03:04
    Summary
  • Lesson 25. 00:03:05
    Overview
  • Lesson 26. 00:09:00
    Understanding TCP
  • Lesson 27. 00:05:23
    Reviewing the Three-way Handshake in Wireshark
  • Lesson 28. 00:04:31
    Generation and Predictability of TCP Sequence Numbers
  • Lesson 29. 00:02:29
    Blind Hijacking
  • Lesson 30. 00:01:58
    Man in the Middle Session Sniffing
  • Lesson 31. 00:01:48
    IP Spoofing
  • Lesson 32. 00:02:20
    UDP Hijacking
  • Lesson 33. 00:02:48
    Man in the Browser Attacks
  • Lesson 34. 00:01:27
    Network Level Session Hijacking in the Wild
  • Lesson 35. 00:02:09
    Summary
  • Lesson 36. 00:02:13
    Overview
  • Lesson 37. 00:03:19
    Use Strong Session IDs
  • Lesson 38. 00:02:40
    Keep Session IDs Out of the URL
  • Lesson 39. 00:06:34
    Don’t Reuse Session ID for Auth
  • Lesson 40. 00:04:04
    Always Flag Session ID Cookies as HTTP Only
  • Lesson 41. 00:04:43
    Use Transport Layer Security
  • Lesson 42. 00:05:39
    Always Flag Session ID Cookies as Secure
  • Lesson 43. 00:05:59
    Session Expiration and Using Session Cookies
  • Lesson 44. 00:03:10
    Consider Disabling Sliding Sessions
  • Lesson 45. 00:02:30
    Encourage Users to Log Out
  • Lesson 46. 00:01:54
    Re-authenticate Before Key Actions
  • Lesson 47. 00:03:16
    Summary
  • Lesson 48. 00:02:00
    Overview
  • Lesson 49. 00:05:04
    Manipulating Session IDs with OWASP ZAP
  • Lesson 50. 00:09:48
    Testing Session Token Strength with Burp Suite
  • Lesson 51. 00:04:39
    Dynamic Analysis Testing with NetSparker
  • Lesson 52. 00:03:53
    Other Tools
  • Lesson 53. 00:02:05
    Summary