
ESSOS
2011
Springer

SessionShield: Lightweight Protection against Session Hijacking

The class of Cross-site Scripting (XSS) vulnerabilities is the most prevalent security problem in the field of Web applications. One of the main attack vectors used in connection with XSS is session hijacking via session identifier theft. While session hijacking is a client-side attack, the actual vulnerability resides on the server side and, thus, has to be handled by the website's operator. In consequence, if the operator fails to address XSS, the application's users are defenseless against session hijacking attacks. In this paper we present SessionShield, a lightweight client-side protection mechanism against session hijacking that allows users to protect themselves even if a vulnerable website's operator neglects to mitigate existing XSS problems. SessionShield is based on the observation that session identifier values are not used by legitimate client-side scripts and, thus, need not be available to the scripting languages running in the browser. Our system requires no ...
Added 27 Aug 2011
Updated 27 Aug 2011
Type Journal
Year 2011
Where ESSOS
Authors Nick Nikiforakis, Wannes Meert, Yves Younan, Martin Johns, Wouter Joosen
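The abstract's core idea, that session identifiers can be withheld from the browser's scripting engine without breaking the site, can be illustrated with a small local proxy filter. The code below is an added example, not SessionShield's own implementation: it assumes a simple name/value heuristic for spotting session cookies (a real system would use a more refined one), strips matching cookies from responses before the browser and its scripts ever see them, stores them in a jar keyed by host, and re-attaches them to outgoing requests.

```python
import re
from http.cookies import SimpleCookie

# Assumed heuristic: cookie names used by common frameworks for session state.
SESSION_NAME_HINT = re.compile(r"(sess|sid|auth|token)", re.I)


def looks_like_session_id(name: str, value: str) -> bool:
    """Flag a cookie as a session identifier by name hint or by an opaque, long value."""
    if SESSION_NAME_HINT.search(name):
        return True
    # Fallback: long mixed alphanumeric values are typical of random session tokens.
    opaque = re.fullmatch(r"[A-Za-z0-9+/=_-]+", value) is not None
    return len(value) >= 20 and opaque and not value.isalpha() and not value.isdigit()


class SessionShieldProxy:
    """Holds session cookies outside the browser, SessionShield-style (simplified)."""

    def __init__(self) -> None:
        self.jar: dict[str, dict[str, str]] = {}  # host -> {cookie name: value}

    def filter_response(self, host: str, set_cookie_headers: list[str]) -> list[str]:
        """Return the Set-Cookie headers the browser may see; session cookies are kept here."""
        passthrough = []
        for header in set_cookie_headers:
            cookie = SimpleCookie()
            cookie.load(header)
            if any(looks_like_session_id(n, m.value) for n, m in cookie.items()):
                for n, m in cookie.items():
                    self.jar.setdefault(host, {})[n] = m.value
            else:
                passthrough.append(header)
        return passthrough

    def augment_request(self, host: str, cookie_header: str) -> str:
        """Re-attach the stored session cookies for this host to an outgoing request."""
        parts = [cookie_header] if cookie_header else []
        parts += [f"{n}={v}" for n, v in self.jar.get(host, {}).items()]
        return "; ".join(parts)


if __name__ == "__main__":
    # Constructed sample: one session cookie and one harmless preference cookie.
    proxy = SessionShieldProxy()
    seen = proxy.filter_response("example.test", [
        "PHPSESSID=3f9a1c4e5b6d7a8f9e0b1c2d3e4f5a6b; Path=/; HttpOnly",
        "theme=dark; Path=/",
    ])
    print("browser sees:", seen)
    print("server gets :", proxy.augment_request("example.test", "theme=dark"))
```

Because the session cookie never reaches the browser, a script injected via XSS reading document.cookie sees only the preference cookie, while the server still receives a valid session on every request.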