Wednesday, 15 April 2015

Specific type of URI Security Token in .NET


I'm looking at a third-party app in .NET and I'm trying to figure out which method it uses for a URI security token.

The page URL looks something like this:

  example.com/app/I (4b16emg) / account /  

The token here is used explicitly for protection (it prevents XSRF and other types of attacks such as session fixation and token theft). I'm not a hard-core dev. Maybe this is an underlying feature, because I'm pretty sure I have seen it before, but I'm having a hard time with it because I'm not sure what to call it.

"Security token URI" and similar queries do not seem to turn up very much.

Update with more information:

It is some sort of session token, used in addition to the session_id cookie to authenticate the session. It appears that it cycles for every new session, and an incorrect one ends the session and also resets the session cookies. It is not related to the user name or user_id value.

In this way, it gets in the way of vulnerability scans, replay attacks, session token theft, XSRF, reflected XSS and other similar attacks that depend on stable URLs to provide the injection points.

This is probably the second or third time I have seen this same format (a small token in parentheses) in the middle of a URL, so I was hoping someone could identify it as part of a framework or an easily accessible library.

A bit of background: I do a lot of application security, but .NET is not my specialty.

This URL looks like what you get when the app's cookieless sessions are turned on. It is less of a security feature, and more a way to deal with browsers that do not support / allow cookies.

In the Web.config, see if there is a <sessionState cookieless="true" /> element.
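
An added example, not part of the original question or answer: a small Python helper that recognises the ASP.NET cookieless URL segment the answer describes, which takes the form (S(<id>)) in the path, and strips it before a URL is logged or shared. The letters S, A and F are ASP.NET's markers for session state, anonymous identification and forms authentication; the function names, sample URLs and token values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# An ASP.NET cookieless segment is one path component of the form
# "(" KEY(value) [KEY(value) ...] ")", for example /(S(abc123))/ or /(A(x)S(y))/.
_SEGMENT = re.compile(r"^\((?:[A-Z]\([^()/]+\))+\)$")
_PAIR = re.compile(r"([A-Z])\(([^()/]+)\)")

# Known markers; any other single-letter key is reported as-is.
KINDS = {"S": "session", "A": "anonymous-id", "F": "forms-auth"}


def find_cookieless_tokens(url):
    """Return [(kind, value), ...] for cookieless tokens in the URL path."""
    found = []
    for seg in urlsplit(url).path.split("/"):
        if _SEGMENT.match(seg):
            found += [(KINDS.get(k, k), v) for k, v in _PAIR.findall(seg)]
    return found


def redact(url):
    """Return the URL with any cookieless segment removed from the path."""
    parts = urlsplit(url)
    kept = [s for s in parts.path.split("/") if not _SEGMENT.match(s)]
    return urlunsplit(parts._replace(path="/".join(kept)))


def scan(urls):
    """Return (original, redacted, tokens) for each URL that carries a token."""
    hits = []
    for url in urls:
        tokens = find_cookieless_tokens(url)
        if tokens:
            hits.append((url, redact(url), tokens))
    return hits


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real application.
    samples = [
        "http://example.com/app/(S(abcdefghij0123456789abcd))/account/",
        "http://example.com/app/(A(anon01)S(sess02))/default.aspx?x=1",
        "http://example.com/wiki/Page_(draft)/edit",
    ]
    for original, clean, tokens in scan(samples):
        print(clean, tokens)
```
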

