No, SlidingExpiration is not the answer (://URLFAN)

How popular is your website?  
Enter a website above, we'll show you who's talking about it right now.
We're currently ranking the popularity of 3,783,534 websites by parsing 121,588,215 blog posts from 2,025,551 blog feeds.
Article Structure
4 paragraphs
3808 characters
2 images
2 outgoing links

No, SlidingExpiration is not the answer

Post Date: Aug 07, 2008 1:06 p.m.
Ranked website: cyphersec.com (Not Ranked Yet)

For full text please visit source:
http://www.cyphersec.com/?p=333

So the question is, shall we use slidingExpiration and what is the point of using it? I never had a good feeling with the slidingExpiration, basically i don’t like slidingExpiration for two big reasons. The slidingExpiration setting was born as an application measure to reduce the risk of token stealing. when set to false, the specified timeout interval becomes a fixed period of time from the initial login, rather than a period of inactivity. Attackers using a stolen  authentication token have, at maximum, only the specified length of time to impersonate the user before the session times out. Because typical attackers of these Web-based applications have only the token, and don’t really know the user’s credentials, they can’t log back in as the legitimate user, so the stolen authentication token is now useless and the application security threat is mitigated. When sliding expiration is enabled, as long as an attacker makes at least one request to the system ev...

Content suppressed by ://URLFAN, for full article visit source

Websites mentioned in article
(click for rank details):

msdn.com
msdn.microsoft.com

Buzz Words mentioned in article:

No buzz words were found in article
How popular is www.cyphersec.com?

Click here to view stats and graphs for cyphersec.com

More posts from www.cyphersec.com

Tributi a cyphersec, what the hell is going on
From: cyphersec.com
Post Date: 2007-12-13 11:09:35

Nei precedenti giorni sono stati portati a termine con successo numerosi defacement a siti di e-commerce. Le firme dietro le quali si nascondo persone al momento sconosciute hanno portato un tributo a cyphersec . Nella firma infatti, a seguito del nome viene riportato un ringraziamento al sito che attualmente gestisco. Ringrazio per il tributo, ma voglio portare alla vostra attenzione alcuni punti che voglio ben specificare Non mi reputo e non posso essere considerato colpevole dei recenti... more
Ops i did it again
From: cyphersec.com
Post Date: 2007-11-28 02:46:01

Source: asxplaylistnew.aspx "Your source.. our passion" 1: 2: Intervento di Walter Veltroni 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14:   15: 16: Intervista a Piero Fassino 17: 18: 19: 20: 21: 22: 23: 24: 25: ... more
Nuovi Tools in uscita
From: cyphersec.com
Post Date: 2007-11-27 11:28:14

Periodo di pentesting estremo questo, se poi ci aggiungiamo la scrittura di un nuovo libro.. ahi ahi.. ho veramente pochissimo tempo per aggiornarmi su gli strumenti in uscita. Riporto i tools che secondo me sono "interessanti". Tcpflow Programma che cattura i dati trasmessi su connessioni tcp e le archivia in una forma che ne permetta l’analisi. Utile in ambienti di Intelligence Gathering, tcpflow ha una interessante funzione per il recupero e la ritrasmissione dei pacchetti. M... more
Advisory: Toyo Tires
From: cyphersec.com
Post Date: 2007-11-27 08:01:52

Update : non avendo ricevuto risposta, rilascio le info necessarie. As usual, non mi assumo alcuna responsabilità per eventuali defacement e/o alterazioni al contenuto del sito in questione. toyo.com Alessio Marziali www.cyphersec.com Vendor contattato il : 27/11/2007 Risposta Vendor : no Rilasciato pubblico: 03/12/2007 alessio.marziali@cyphersec.com Tipologia Vulnerabilità : SQL Injection Componente Vulnerabile : BEX Management - Shaw Binary Systems Inc Digitando http://www.toyo.c... more


Next Article | Previous Article


Feeds and posts are not affliated with ://URLFAN. They are displayed here simply for informational purposes, if you would like to remove your feed, posts, or domain from ranking and analysis, please contact us.

© 2006-2008 ://URLFAN (Server 202 Generated Nov 22 08 06:36 in 0.270 secs.)

Contact Us / About ://URLFAN / Notify me when my site is added or updated. / Add my RSS feed to ://URLFAN