
	session hijacking


	Home > Software Quality Definitions - Session hijacking

SearchSoftwareQuality.com Definitions (Powered by WhatIs.com)

EMAIL THIS

LOOK UP TECH TERMS		Powered by:

Browse tech terms alphabetically:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

session hijacking

Word of the Day

Digg This! StumbleUpon Del.icio.us

Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network.

The session ID is normally stored within a cookie or URL. For most communications, authenticationprocedures are carried out at set up. Session hijacking takes advantage of that practice by intruding in real time, during a session. The intrusion may or may not be detectable, depending on the user's level of technical knowledge and the nature of the attack. If a Web site does not respond in the normal or expected way to user input or stops responding altogether for an unknown reason, session hijacking is a possible cause.

LAST UPDATED:

25 Sep 2006

Read more about session hijacking:

-	Microsoft's TechNet Magazine has an article about preventing session hijacking.
-	Imperva describes how session hijacking works.

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

Digg This!

StumbleUpon

Del.icio.us

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2006 - 2008, TechTarget \| Read our Privacy Policy