ALEX WEB DEVELOP

Alex
Session Fixation Attacks:
What They Are And How To Stop Them
by Alex
Session Fixation

Hey,
Alex here.

Security is critical for web applications, especially for PHP-based backend apps.
This is why I decided to share with you (as a thank you for being a member of my newsletter) three lessons from my premium PHP Security Mastery course.

These lessons cover three fundamental security topics that every PHP developer must know:
  • Session fixation,
  • Cross-site Scripting (or XSS),
  • and Cross-site Request Forgery (or CSRF).

Let's start right away with the first topic.


How do you stop Session Fixation attacks?
A lot of PHP apps use Sessions, especially for user authentication.
Sessions use the Session ID to identify remote users. This ID is sent to the user's browser, usually as a cookie.


A remote user with a valid Session ID is automatically authenticated.
But what happens if an attacker steals the Session ID of someone else?
In that case, the attacker will be able to impersonate the victim.
This is a Session Fixation attack.

There are two kinds of Fixation attacks: basic, and two-step attacks.
You can stop the first kind with a correct Session configuration. To stop the second kind, you need a few more steps.

So, here are the two complete lessons from the course that deal with Session Fixation:



Before you go, I have a favor to ask you.
I love to talk about web security. But I want to talk about what you need to know.
So, please reply now and tell me:
  • What are your doubts about web security?
  • What is your BIGGEST problem with web security?
  • What consequences do you fear if your code is not secure?



That's all for today.
Don't miss my next email. It will be about Cross-Site Scripting attacks.

P.S. don't forget to send me your reply :)
P.P.S. Interested in my full PHP Security course? Click here for all the details.

Until next time,
Alex






You Don’t Want Your PHP Apps to be Hacked?
Then make sure it will not happen.
PHP Security Mastery is my security course that will teach you exactly how to make your code secure by showing you:
  • Which attacks you must prevent.
  • The specific defense techniques to stop each of those attacks.

Have a look at the details and judge for yourself.


Need help with your PHP code?
If you can't make your PHP code work, you can ask me for a Code Review.
I will verify your code, fix it and make sure it works the way you want.

Click here for the details.


Resources

Alex Web Develop - My blog where you can find my tutorials.
Alex PHP café - My Facebook group where you can talk with me and other developers.

Technology vector created by pikisuperstar - www.freepik.com




Alessandro Castellano, P.IVA (VAT ID): 07012140484, via Luigi Morandi 32, 50141 Firenze FI, Italy