A site simply doesn’t use SSL for all pages that require authentication. An attacker observes an authenticated victim’s session cookie, then replays this cookie and takes over the user’s session. To prevent this kind of attack, which of the following can be an effective methodology?

  1. Require SSL for all sensitive pages. Non-SSL requests to these pages should be redirected to the SSL page

  2. A strong application architecture that provides good separation and security between components

  3. Use of Whitelist or Parameterized API

  4. All of the Above


Correct Option: A
