[Owasp-delhi] Session ID analysis

Vaibhav Gupta vaibhg at gmail.com
Wed Nov 3 03:55:59 EDT 2010

Hi suresh

One good tool for session ID analysis is Owasp - Webscarab.

It can extract and plot session ID values over time in graphical format and
help inferring its randomness. You can even use Burp-Sequencer for indepth
analysis for the session IDs.

Vaibhav Gupta

On Tue, Nov 2, 2010 at 1:54 PM, suresh tiwary
<sureshtiwary at rediffmail.com>wrote:

> Dear All,
> May we know the tools(open source, freeware and commercial tools) and
> scripts available for Session ID analysis in web applications. Which
> commercial tool is best for Session ID analysis ?
> Many companies working in IT Security but do not perform Session ID
> analysis and so how do they conclude the risk analysis of Session ID during
> web application penetration testing & assessment ? Is the Session ID
> generated by .NET application/ framework safe enough. how about java web
> applications ?
> regards,
> suresh
> <http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/[email protected]?>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20101103/ccfeee48/attachment.html 

More information about the Owasp-delhi mailing list