Cookies stored on computer maintains information that allow web
sites to authenticate user’s identity and speed up transactions.
However, cookies can also be accessed by other persons who are not
authorized to do so. If no security measures are there, an attacker
can examine a cookie and gets authorized user’s information. He
then may use this information to gain access to the user’s existing
accounts.
Different types of cookies :
Session Cookies : are stored in the computer's memory for limited period of time till browsing session and when the browsing session get end cookies get automatically deleted from the user's computer , And when next time user visit that particular site then site will not recognise the user and treat as a completely new visitor .
Permanent cookies : are the cookies which are not deleted from the user computer when browser is closed and are used to keep track of the user preferences for a particular site. Like we can use permanent cookies to keep track of user preferences and can remember user on next visit .
Flash cookies : Official term for flash cookies is Local Shared Objects ,this type of cookies is used to stored information related to media, such as video clips . Flash cookies are good when playing games as it is the way to save user progress . one main drawback of flash cookies is that you can’t locate it in your system .Flash cookies can save about 100 Kilobyte of user information by default .
What is Cookie Poisoning ?
Cookie poisoning is a technique used by unauthorized person to get access to the data in a cookie usually to steal someone’s information saved in cookie . By forging cookie, attacker can impersonate as a legal user and can gain information about victim's account or perform action as a victim.
How to prevent application from Cookie Poisoning attack?
To prevent from cookie poisoning attack ,cookies should be encrypted or a digital signature should be created which can be used to validate the content in all future communications between the sender and the recipient . Make the cookie HttpOnly so its not accessible to javascript.
- See more at: http://findnerd.com/list/view/Cookies-Poisoning-/2171/#sthash.r24uYErr.dpuf
For such more Blogs you can visit to http://findnerd.com/NerdDigest
Different types of cookies :
Session Cookies : are stored in the computer's memory for limited period of time till browsing session and when the browsing session get end cookies get automatically deleted from the user's computer , And when next time user visit that particular site then site will not recognise the user and treat as a completely new visitor .
Permanent cookies : are the cookies which are not deleted from the user computer when browser is closed and are used to keep track of the user preferences for a particular site. Like we can use permanent cookies to keep track of user preferences and can remember user on next visit .
Flash cookies : Official term for flash cookies is Local Shared Objects ,this type of cookies is used to stored information related to media, such as video clips . Flash cookies are good when playing games as it is the way to save user progress . one main drawback of flash cookies is that you can’t locate it in your system .Flash cookies can save about 100 Kilobyte of user information by default .
What is Cookie Poisoning ?
Cookie poisoning is a technique used by unauthorized person to get access to the data in a cookie usually to steal someone’s information saved in cookie . By forging cookie, attacker can impersonate as a legal user and can gain information about victim's account or perform action as a victim.
How to prevent application from Cookie Poisoning attack?
To prevent from cookie poisoning attack ,cookies should be encrypted or a digital signature should be created which can be used to validate the content in all future communications between the sender and the recipient . Make the cookie HttpOnly so its not accessible to javascript.
- See more at: http://findnerd.com/list/view/Cookies-Poisoning-/2171/#sthash.r24uYErr.dpuf
For such more Blogs you can visit to http://findnerd.com/NerdDigest
No comments:
Post a Comment