Top

previous chapter To Study the Effect of Varying Camera Parameter...

next chapter Fog Computing Enabled Healthcare 4.0

Hint

Swipe to navigate through the chapters of this book

2021 | OriginalPaper | Chapter

Loop Holes in Cookies and Their Technical Solutions for Web Developers

Read first chapter

Authors: Talwinder Singh, Bilal Ahmad Mantoo

Publisher: Springer Singapore

Published in: Recent Innovations in Computing

» Get access to the full-text

Abstract

Session hijacking is the term used to describe the theft of session cookies, i.e., sniff the cookies and use those to impersonate the end user. A cookie is a small-sized text file sent by the Web server to the user’s browser and is store at the client side. When a user visits a Web site first time, the Web server generates a fresh cookie. The Web site uses that cookie to track the movements of an authorized user. Main threats of cookies are session fixation attack, cross-site scripting (XXS) attack, session sniffing attack, cookies cloning attack, and cookies controlling malware. The hacker sniffs the network traffic for cookies and uses same to impersonate the user. With performing session hijacking attack, the attacker acts as actual user on Web. In this paper, we are going to discuss some of the technique that helps in optimizing the cookie attacks in Web applications.

Please log in to get access to this content

To get access to this content you need the following product:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 69.000 Bücher
über 500 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Umwelt
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Testen Sie jetzt 30 Tage kostenlos.

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 50.000 Bücher
über 380 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Umwelt
Maschinenbau + Werkstoffe

Testen Sie jetzt 30 Tage kostenlos.

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 58.000 Bücher
über 300 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Testen Sie jetzt 30 Tage kostenlos.

inform now

Acunetix: (n.d.). Types of XSS: Stored XSS, Reflected XSS and DOM-based XSS. (Acunetix). Retrieved January 18, 2019, from https://www.acunetix.com/websitesecurity/xss/

Bisson, D.: Social Engineering Attacks to Watch Out For. (Tripwire) Retrieved from tripwire.com, 2015, March 23. https://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/

Braun, A.: What Are Supercookies, Zombie Cookies, and Evercookies, and are they a Threat (make tech easier), 2018, October 2. Retrieved from https://www.maketecheasier.com/supercookies-zombie-cookies-evercookies/

Cross-site_Scripting_(XSS), 2018, June 5. Retrieved 1 7, 2019, from www.owasp.org: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Dacosta, I., Chakradeo, S., Ahamad, M., Traynor, P.: One-Time Cookies: Preventing Session Hijacking Attacks with Stateless Authentication Tokens. Georgia Institute of Technology, School of Computer Science. Georgia (2012)

Dutko, J.: Types of computer cookies. Retrieved January 15, 2019, from CRU Solutions, 2018, August 16. https://crusolutions.com/blog/how-types-of-computer-cookies-affect-your-online-privacy/

Endler, D.: Brute-Force Exploitation of Web Application Session IDs. iDefence The power of Intelligence, 40, Chantilly. iDEFENSE Inc, Virginia, United States of America, 2001, November 1.

Juels, A., Jakobsson, M., Jagatic, T.N.: Cache Cookies for Browser Authentication. In: 2006 IEEE Symposium on Security and Privacy (S&P'06), p. 5. IEEE, Berkeley/Oakland, CA, USA (2006).

Kumar, V.: Three Tier Verification Technique to Foil Session Sidejacking Attempts. Second Asian Himalayas International Conference on Internet (AH-ICI). IEEE , Kathmandu, Nepal (2011)

10.

Nathani, B.C., Adi, E.: Website vulnerability to session fixation attacks. J. Information Eng. App. II 7, 32–36 (2012)

11.

Palmer, C.: Secure Session Management with Cookies for Web. Retrieved October 14, 2018, from crypto.stanford.edu, 2008, September 10. https://crypto.stanford.edu/cs142/papers/web-session-management.pdf

12.

Park, J.S., Sandhu, R.: Secure Cookies on the Web. IEEE 4(4), 36–44 (2000)

13.

Reflected cross-site scripting. (n.d.). (PortsWigger web security). Retrieved January 18, 2019, from https://portswigger.net/web-security/cross-site-scripting/reflected

14.

Rouse, M.: supercookie. (TechTarget), 2017, February 28. Retrieved from https://searchsecurity.techtarget.com/definition/supercookie

15.

Ruzicka, V.: Session Fixation Attack, 2017, February 20. Retrieved August 9, 2018, from www.vojtechruzicka.com. https://www.vojtechruzicka.com/session-fixation-attack/

16.

Sathiyaseelan, A.M., Joseph, V.: A Proposed System for Preventing Session Hijacking with Modified One Time Cookie. IEEE, pp. 451–454, 2017, March

17.

Singh, R., Kumar, D.S.: A study of cookies and threats to cookies. Int. J. Adv. Res. Comput. Sci. Softw. Eng. VI 3, 339–343 (2016)

18.

Takahashi, H., Yasunaga, K., Mambo, M., Kim, K., Youm, H.Y.: Preventing Abuse of Cookies Stolen by XSS, pp. 85–89. CPS (Confrene Pulisher Services), Seoul, South Korea (2013)

19.

Techopedia: Data Theft, 2016, April 27. Retrieved from Techopedia.com: https://www.techopedia.com/definition/26274/data-theft

20.

What are persistent cookies used for? (n.d.). Retrieved January 2019, 19, from allaboutcookies.org. https://www.allaboutcookies.org/cookies/persistent-cookies-used-for.html

Title

Loop Holes in Cookies and Their Technical Solutions for Web Developers

Book

Recent Innovations in Computing

Print ISBN: 978-981-15-8296-7

Electronic ISBN: 978-981-15-8297-4

https://doi.org/10.1007/978-981-15-8297-4

DOI

https://doi.org/10.1007/978-981-15-8297-4_41

Authors:

Talwinder Singh
Bilal Ahmad Mantoo

Publisher

Springer Singapore

Sequence number

Premium Partner

Image Credits