
Session Token in URL Vulnerability
The HTTP protocol and web servers are stateless by nature. This means that there is no way for them to track user activity. The web server treats every request as a new one. For this...

Authenticated Scans on Applications That Make Use of One-time Tokens or CAPTCHAs
One-Time Tokens add another layer of security, supplementing the username and password with a code that only the individual user has access to (for example by SMS or via a security key). A CAPTCHA has a different purpose, as it provides a test used to identify whether the user is ...

Scanning applications that make use of Single Sign-On (SSO)
Single Sign-On (SSO) is a service that allows users to have one set of login credentials to access multiple web applications. SSO allows a user to log in once and gain access to various applications, without the need to re-enter login credentials at each application. SSO works as follows: A ...

Session Detection: What to do if the LSR fails to identify a session pattern
Session Detection is the final step in the configuration of the Login Sequence Recorder (LSR). A valid Session Pattern is vital for a successful scan, as with it the scanner is able to identify whether it is authenticated or not. During a scan, the session detection request is sent continuously ...