Overview
Explore web application security in this Black Hat USA 2004 conference talk focusing on session strength. Delve into various aspects of session management, including session states, tokens, and potential threats. Examine key spaces, password security, and session attacks. Learn about token creation, dynamic tokens, and user number tokens. Investigate the "Lucky Monkey" concept and its values. Analyze HTTP requests, confidentiality, and encoding techniques. Gain insights into session management best practices, phase space analysis, and key management. Discover how different web servers and programming languages like PHP and Java handle session tokens and cookies. Understand the importance of session expiration and modeling user behavior. Conclude with a comprehensive overview of data security in web applications.
Syllabus
Intro
Not like Syntax Errors
Windows XP
Session State
Session Tokens
What are the threats
Key spaces
Passwords
Session Attacks
Token Creation
Dynamic Token
User Number
Token
Lucky Monkey
Lucky Monkey Values
PEPSI
HTTP Request
Confidentiality
Encoding
Session Management
Summary
Phase Space Analysis
Key Management
Web Servers
PHP
Java
Session Tokens and Cookies
Session Expiration
Model User Behavior
Data Security
Quick Summary
Taught by
Black Hat