Security Testing Session Hijacking

What is session hijacking? Explain with an example?

Questions by chaithrashenoy


sunitha

  • Mar 10th, 2008
 

Security testing is checking the application for unauthorised access. Session hijacking is capturing the URL of a particular application and pasting that URL into another new window; clicking Go will go to that particular application page, without logging in to their particular account.


Session hijacking is nothing but secured information being stolen by using the other session from the other user's browser URL.

For example, if a user signs in to a web-based banking application, another user records the same URL, either directly from the URL or indirectly through mails, and uses the same URL in his browser and accesses the user's rights, which is severe on a security basis.

This can be ensured as follows:
1) The copied URL should expire once it is used on another system (IP map).
2) The application should not show any information during session hijacking.
3) The session should expire within a time period interval.
4) The application should end the session if the page is refreshed.

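Points 1 to 3 of the answer above (expire the session when it is presented from another system, show nothing in that case, and expire it after a time interval), as an added server-side example that is not part of the original answers. The names `SessionStore` and `IDLE_TIMEOUT`, the 15-minute value and the sample IP addresses are assumptions made for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds of inactivity allowed (assumed value)


class SessionStore:
    """In-memory sessions bound to the client IP, with idle expiry."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._sessions = {}      # session id -> record

    def login(self, user, client_ip):
        # Unguessable identifier; it is bound to the IP seen at login.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user, "ip": client_ip, "last_seen": self._clock()}
        return sid

    def validate(self, sid, client_ip):
        """Return the user name, or None. Any failure destroys the session."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        now = self._clock()
        if now - rec["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]   # point 3: expired by time
            return None
        if rec["ip"] != client_ip:
            del self._sessions[sid]   # point 1: reused from another system
            return None               # point 2: nothing is shown
        rec["last_seen"] = now        # sliding idle window
        return rec["user"]


if __name__ == "__main__":
    # Constructed sample traffic (documentation-range addresses).
    store = SessionStore()
    sid = store.login("alice", "203.0.113.10")
    print(store.validate(sid, "203.0.113.10"))  # owner's request
    print(store.validate(sid, "198.51.100.7"))  # copied URL, other system
    print(store.validate(sid, "203.0.113.10"))  # session was destroyed
```

Binding to the IP also logs out legitimate users whose address changes, and it does not distinguish two clients behind the same NAT address.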
