Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
SAC
2015
ACM
2015
ACM
SecSess: keeping your session tucked away in your browser
Session management is a crucial component in every modern web application. It links subsequent requests and temporary stateful information together, enabling a rich and interactive user experience. Unfortunately, the de facto standard cookie-based session management mechanism is imperfect, which is why session management vulnerabilities rank second in the OWASP top 10 of web application vulnerabilities [18]. While improved session management mechanisms have been proposed, none of them achieves compatibility with currently deployed applications or infrastructure components such as web caches. We propose SecSess, a lightweight session management mechanism that addresses common session management vulnerabilities by ensuring a session remains under control of the parties that established it. SecSess is fully interchangeable with the currently deployed cookie-based session management, and can be gradually deployed to clients and servers through an opt-in mechanism. Evaluation of our proof-...
Real-time Traffic| Added | 17 Apr 2016 |
| Updated | 17 Apr 2016 |
| Type | Journal |
| Year | 2015 |
| Where | SAC |
| Authors | Philippe De Ryck, Lieven Desmet, Frank Piessens, Wouter Joosen |
Comments (0)
Researcher Info
|
