[Owasp-delhi] Session ID analysis

Vaibhav Gupta vaibhg at gmail.com
Wed Nov 3 03:55:59 EDT 2010


Hi Suresh,

One good tool for session ID analysis is OWASP WebScarab.
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

It can extract and plot session ID values over time in graphical format and
help infer their randomness. You can even use Burp Sequencer for in-depth
analysis of the session IDs.
http://portswigger.net/burp/download.html

Regards
Vaibhav Gupta


On Tue, Nov 2, 2010 at 1:54 PM, suresh tiwary
<sureshtiwary at rediffmail.com> wrote:

> Dear All,
>
> May we know the tools (open source, freeware and commercial tools) and
> scripts available for Session ID analysis in web applications? Which
> commercial tool is best for Session ID analysis?
>
> Many companies work in IT Security but do not perform Session ID
> analysis, so how do they conclude the risk analysis of Session ID during
> web application penetration testing & assessment? Is the Session ID
> generated by .NET application/framework safe enough? How about Java web
> applications?
>
> regards,
> suresh
>

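Added example, not part of the original thread and not code from WebScarab or Burp: a simplified first-pass check of the kind the reply describes, run over session IDs captured in the order they were issued. The function names and both sample sets are constructed for illustration; the statistics are a rough screen, not a full randomness test.

```python
import math
import secrets
from collections import Counter

def shannon_bits(values):
    """Shannon entropy, in bits, of the observed distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def analyse(tokens):
    """Rough first-pass statistics over session IDs captured in issue order."""
    width = min(len(t) for t in tokens)
    # Entropy of the character observed at each position across the sample.
    # With n samples this can never exceed log2(n), so it is only an estimate,
    # and summing positions assumes they are independent of each other.
    per_pos = [shannon_bits([t[i] for t in tokens]) for i in range(width)]
    try:
        # A constant difference between consecutive IDs indicates a counter.
        nums = [int(t, 16) for t in tokens]
        sequential = len({b - a for a, b in zip(nums, nums[1:])}) == 1
    except ValueError:  # not hex encoded; skip the counter check
        sequential = False
    return {
        "static_positions": [i for i, e in enumerate(per_pos) if e == 0],
        "estimated_bits": sum(per_pos),
        "sequential": sequential,
        "duplicates": len(tokens) - len(set(tokens)),
    }

def weak_sample(n=64):
    """Constructed sample: fixed prefix followed by an incrementing counter."""
    return [f"A1B2C3D4{0x1000 + i:08X}" for i in range(n)]

def strong_sample(n=64):
    """Constructed sample: 128-bit IDs from the OS CSPRNG, hex encoded."""
    return [secrets.token_hex(16) for _ in range(n)]

if __name__ == "__main__":
    for name, sample in (("weak", weak_sample()), ("strong", strong_sample())):
        print(name, analyse(sample))
```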