How do you perform on a test that checks whether criminals can steal your browser cookies or hijack your web session?

How are we testing?:

This test takes a cookie from one website and tries to post it to a second one, a clear sign of an attempt to hijack the web session.

To make sure you have not received a false positive, please check to see that you are not blacklisting the Zscaler website.


Why is this test important?:

Cookie theft is the primary way criminals steal your user's personal information such as logins to Gmail or Facebook or to corporate accounts on Oracle or Salesforce. Criminals often try different methods of script injection.


Take our security preview now

Websites Using Adobe Flash Vulnerable to Cookie-Stealing

Google, YouTube, Twitter, Ebay, Instagram and thousands of websites using Adobe Flash were vulnerable to the cookie-stealing bug, Rosetta Flash. Google Security Engineer, Michele Spagnuolo, writes "This is a well known issue in the infosec community, but so far no public tools for generating arbitrary ASCII-only, or, even better, alphanum only, valid SWF files have been presented. This led websites owners and even big players in the industry to postpone any mitigation until a credible proof of concept was provided.Source

In the News:

Have You Patched Those 35 Java Vulns on IBM i? - IT Jungle

19 Jul 2017
The patch count since March includes fixes for security vulnerabilities in various technologies supported in IBM i 6.1 through 7.3, including 35 alone in Java, as well as flaws in Python, Samba, BIND, and the integrated Web server. .... In one case, an ...

Oracle Access Manager servers open to session hijacking - SC Magazine

13 Jul 2017
Two Belgian security researchers have found a flaw with Oracle Access Manager (OAM) version 10g that 99 percent of the companies they checked on did not have properly configured thus leaving those organizations open to a specially crafted phishing ...

Vulnerabilities Expose Oracle OAM 10g to Remote Session Hijacking - Threatpost

12 Jul 2017
Oracle's next quarterly Critical Patch Update is slated for July 18, but two vulnerabilities in an older version of the company's Oracle Access Manager (OAM) solution won't be among the bugs patched. Version 10g of the software, Oracle's solution for ...

More »

LEADERS SELECT LEADERS