Building Zero-Day Self-Defending Web Applications: Enforcing Authoritative Action To Stop Session Attacks presented at Blackhat Europe 2005

by Arian J. Evans,

Tags: Security Web

Summary : Web applications today suffer from state issues, weak session handling, and lack of stateful authorization. Many of the issues are well known, but the techniques for building secure applications are still relatively ignored. This is due to lack of documentation and awareness of the threats and attack methods; that landscape is rapidly changing.