How do you perform on a test that checks whether criminals can steal your browser cookies or hijack your web session?

How are we testing?:

This test takes a cookie from one website and tries to post it to a second one, a clear sign of an attempt to hijack the web session.

To make sure you have not received a false positive, please check to see that you are not blacklisting the Zscaler website.

Why is this test important?:

Cookie theft is the primary way criminals steal your user's personal information such as logins to Gmail or Facebook or to corporate accounts on Oracle or Salesforce. Criminals often try different methods of script injection.

Take our security preview now

Websites Using Adobe Flash Vulnerable to Cookie-Stealing

Google, YouTube, Twitter, Ebay, Instagram and thousands of websites using Adobe Flash were vulnerable to the cookie-stealing bug, Rosetta Flash. Google Security Engineer, Michele Spagnuolo, writes "This is a well known issue in the infosec community, but so far no public tools for generating arbitrary ASCII-only, or, even better, alphanum only, valid SWF files have been presented. This led websites owners and even big players in the industry to postpone any mitigation until a credible proof of concept was provided.Source

In the News:

From internet to splinternet: why there's something wrong with the web - CampaignLive

21 Mar 2017
While there were some utopian visions of an AI and VR fuelled future, the event was dominated by dystopian concerns about filter bubbles, the end of privacy, fake news and the hijacking of emerging technology by an increasingly switched on populist ...

How to stay safe on public Wi-Fi - The Daily Dot

02 Mar 2017
Free public Wi-Fi is everywhere: in hotels, malls, libraries, coffee shops. To most people, they're an excellent way to save on your mobile data plan while reading news, managing your social media accounts and reading your emails. But free Wi-Fi ...

VMware patches MitM and web session hijack vulnerability - SC Magazine

15 Apr 2016
VMware released a security advisory for a critical issue in the firm's Client Integration Plugin (CIP) that could allow man-in-the-middle (MitM) attacks or web session hijacking. The vulnerability is present in versions of the CIP that are shipped with ...

More »