How do you perform on a test that checks whether criminals can steal your browser cookies or hijack your web session?

How are we testing?

This test takes a cookie from one website and tries to post it to a second one, a clear sign of an attempt to hijack the web session.

To make sure you have not received a false positive, please check to see that you are not blacklisting the Zscaler website.
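The signal described above, a cookie issued by one site showing up in a request to a different site, can be checked over proxy events as in the following added example. It is not Zscaler's test code; the event tuples, host names, cookie values, the `MIN_LEN` threshold and the two-label `site()` heuristic are all assumptions made for illustration.

```python
"""Flag a cookie issued by one site that later appears in a request to another."""
from urllib.parse import unquote_plus

MIN_LEN = 8  # assumption: ignore short values ("en", "1") that match by coincidence

# Constructed proxy events: (kind, host, data). All hosts and values are made up.
SAMPLE_EVENTS = [
    ("set-cookie", "shop.example", "SESSIONID=9f3c2ab47de1c055; Path=/; HttpOnly"),
    ("set-cookie", "shop.example", "lang=en; Path=/"),
    # Same site, different subdomain: the cookie is going back to its owner.
    ("request", "www.shop.example", "GET /account Cookie: SESSIONID=9f3c2ab47de1c055"),
    # Different site, cookie URL-encoded inside a POST body: the suspicious case.
    ("request", "collector.test", "POST /log c=SESSIONID%3D9f3c2ab47de1c055"),
    ("request", "cdn.example", "GET /app.js"),
]

def site(host):
    """Crude registrable-domain guess: last two labels (no public suffix list)."""
    return ".".join(host.lower().split(".")[-2:])

def find_cross_site_cookie_posts(events):
    """Return one alert per request that carries a cookie value to a foreign site."""
    issued = {}   # cookie value -> (site that set it, cookie name)
    alerts = []
    for kind, host, data in events:
        if kind == "set-cookie":
            # Keep only the name=value pair; attributes after ';' are ignored.
            name, _, value = data.split(";", 1)[0].strip().partition("=")
            if len(value) >= MIN_LEN:
                issued[value] = (site(host), name)
        elif kind == "request":
            decoded = unquote_plus(data)  # catch URL-encoded copies of the value
            for value, (owner, name) in issued.items():
                if value in decoded and site(host) != owner:
                    alerts.append({"cookie": name, "owner": owner, "sent_to": host})
    return alerts

if __name__ == "__main__":
    for alert in find_cross_site_cookie_posts(SAMPLE_EVENTS):
        print("cross-site cookie transfer:", alert)
```
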


Why is this test important?

Cookie theft is the primary way criminals steal your users' personal information, such as logins to Gmail or Facebook or to corporate accounts on Oracle or Salesforce. Criminals often try different methods of script injection.



Websites Using Adobe Flash Vulnerable to Cookie-Stealing

Google, YouTube, Twitter, eBay, Instagram and thousands of websites using Adobe Flash were vulnerable to the cookie-stealing bug, Rosetta Flash. Google security engineer Michele Spagnuolo writes: "This is a well known issue in the infosec community, but so far no public tools for generating arbitrary ASCII-only, or, even better, alphanum only, valid SWF files have been presented. This led website owners and even big players in the industry to postpone any mitigation until a credible proof of concept was provided."

In the News:

How To Become A Certified Ethical Hacker 2017 - Techworm

30 Mar 2017
IT professionals learn about SQL injection, session hijacking, social engineering, reconnaissance and footprinting, enumeration, and how to hack web servers, applications and mobile platforms through Pluralsight's ethical hacking courses. 360training ...

Local Windows Admins Can Hijack Sessions Without Credentials - Threatpost

20 Mar 2017
A researcher has exposed how attackers with local admin privileges could use native command-line Windows tools to hijack other users' sessions without credentials. Researcher Alexander Korznikov on Friday published a report in which he describes how ...

VMware patches MitM and web session hijack vulnerability - SC Magazine

15 Apr 2016
VMware released a security advisory for a critical issue in the firm's Client Integration Plugin (CIP) that could allow man-in-the-middle (MitM) attacks or web session hijacking. The vulnerability is present in versions of the CIP that are shipped with ...
