[OWASP-GUIDE] White paper: Authentication and Session Management on the Web

Paul Johnston paul at westpoint.ltd.uk
Wed Feb 9 06:13:29 EST 2005


Hi,

You may be interested in this paper I've written:

  http://www.westpoint.ltd.uk/advisories/Paul_Johnston_GSEC.pdf

The first ten pages or so are probably less interesting to readers of
this list, but the latter part covers in detail all the attacks such as
session fixation, CSRF, etc.

Any constructive discussion is welcomed!

Paul

-- 
Paul Johnston, GSEC
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul at westpoint.ltd.uk
web: www.westpoint.ltd.uk






More information about the Owasp-guide mailing list