Update Session_Management_Cheat_Sheet.md possession and plural change
Updated wording to address possession and plural inconsistency.
ff00ff-security authored Jan 23, 2025
1 parent d0b9a1d commit 7dd81e7
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion cheatsheets/Session_Management_Cheat_Sheet.md
Expand Up @@ -358,7 +358,7 @@ Web applications should focus on detecting anomalies associated to the session I

With the goal of detecting (and, in some scenarios, protecting against) user misbehaviors and session hijacking, it is highly recommended to bind the session ID to other user or client properties, such as the client IP address, User-Agent, or client-based digital certificate. If the web application detects any change or anomaly between these different properties in the middle of an established session, this is a very good indicator of session manipulation and hijacking attempts, and this simple fact can be used to alert and/or terminate the suspicious session.

Although these properties cannot be used by web applications to trustingly defend against session attacks, they significantly increase the web application detection (and protection) capabilities. However, a skilled attacker can bypass these controls by reusing the same IP address assigned to the victim user by sharing the same network (very common in NAT environments, like Wi-Fi hotspots) or by using the same outbound web proxy (very common in corporate environments), or by manually modifying the User-Agent to look exactly as the victim users does.
Although these properties cannot be used by web applications to trustingly defend against session attacks, they significantly increase the web application detection (and protection) capabilities. However, a skilled attacker can bypass these controls by reusing the same IP address assigned to the victim user by sharing the same network (very common in NAT environments, like Wi-Fi hotspots) or by using the same outbound web proxy (very common in corporate environments), or by manually modifying the User-Agent to look exactly like the victim user's.

### Logging Sessions Life Cycle: Monitoring Creation, Usage, and Destruction of Session IDs

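Review bot: the changed line's possessive fix ("look exactly like the victim user's") is correct, but the same sentence still carries two wording problems of the kind this commit sets out to fix: "trustingly defend against session attacks" would read better as "reliably defend against session attacks", and "increase the web application detection (and protection) capabilities" needs a possessive, "increase the web application's detection (and protection) capabilities". Since the line is already being touched, both could go into this change; the unchanged context line above it has the same issue in "anomalies associated to the session ID", which should be "associated with".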

0 comments on commit 7dd81e7