How can i prevent session hijacking in a asp.net web application from tools like burp suite? I have tried checking ipAdress and web browser details for authentication in global.asax file but not able to reach the solution.
Asked
Active
Viewed 848 times
2 Answers
1
It is important to emphasize that SSL/TLS (HTTPS) does not protect against session ID prediction, brute force, client-side tampering or fixation. Yet, session ID disclosure and capture from the network traffic is one of the most prevalent attack vectors even today.
In order to implement Session Management in ASP.NET you should implement the ASP.Net Framework and guidance.
For critical transaction make sure you secure the payload to detect any unauthorized manipulation.
Wolfram Kluge
- 11
- 1
0
Use HTTPS for secure connection to prevent network sniffing.
Use httpOnly to prevent malicious client-side javascript from accessing cookies.
DiderDrogba344
- 534
- 8
- 17
-
thanks.. but are there any other ways that can atleast readuce the chances of session hijacking? – neophyte_coder Apr 20 '17 at 05:16
-
There are many vectors of session hijacking. If you want to prevent network sniffers, use HTTPS. People can also obtain session tokens via injecting malicious javascript into websites so use httpOnly so client side javascript cannot access cookies. – DiderDrogba344 Apr 20 '17 at 05:21
-
np. glad that helped! now if you don't mind hitting that checkmark for this answer that would be awesome! :) – DiderDrogba344 Apr 20 '17 at 05:35