Thursday, December 12, 2019

Literature Review on HTTP Session Hijacking

Question: Discuss the literature review on HTTP session hijacking.

Answer:

Introduction

HTTP session hijacking is a form of hacking into a system to extract information about the computer's web surfing session (Sum Keng Chung et al., 2014). The attackers exploit the session cookie of the system to gain access to services and information in the computer system. HTTP session hijacking is also known as theft of the magic cookie (Yogesh Mundada et al., 2014). The HTTP cookies that are used to maintain a user's login session with a particular web server can be hacked into to extract the information from them. The attacker would use intermediary computers to access the information saved in the form of cookies.

This assignment forms a literature review on the topic of HTTP session hijacking from the available literature. It excludes the technical details and process involved in HTTP session hijacking. The different attacks on the computer session and their importance are highlighted in this report. The available literature tends to describe the increase in HTTP session hijacking and its impact on users' personal data. The final section of the review provides a summary of the complete literature on HTTP session hijacking.

Preventives for HTTP Session Hijacking on users

HTTP session hijacking has been the most prominent issue for users and it has affected the operation of user sessions (Weaver et al., 2013). The web session has to be controlled to protect against the occurrence of an attack. The use of SALT (sequence number alteration by logical transformation) would be useful for protecting and defending against HTTP session hijacking (Nishanth Babu, 2014). Different types of methods should be used to protect different users against HTTP session hijacking.
Selection of Research Topic

The selection of any research topic is based on the interest of the individual doing the research. It is important to make sure that the topic selected for the research must be collateral and that there is an ample amount of previous literature available on the research topic (Raymond Lukanta, 2014). There are some principles that must be followed for selecting any topic for research and performing research on it. They are:

Brainstorming of ideas: It helps in forming an overview of the research plan of collaborative environments and forming frontline techniques for vulnerabilities of web applications (Shashank et al., 2013). The brainstorming of ideas forms a cognitive research overview of how an individual should proceed with the research topic.

Accumulation of background information: The accumulation and collection of available information and data on the research topic is another important factor for the development of the research paper and for forming a review of the available information.

Focusing on crucial aspects: The research should focus on important facts and figures of the research topic. Unnecessary data and information (mere statements without any proof of existence) should be omitted from the research.

Flexibility in research methodology: It is important to be flexible in the research methodology used (Mei et al., 2013), as the research may sometimes require practical data analysis while at other times theoretical data has to be used.

Making a theory discussion: The important data and information should be accumulated and used for making a thesis discussion. The discussion should be elaborated to cover all the important and crucial points of the research on preventive measures for HTTP session hijacking.
Available Literatures on HTTP Session Hijacking

HTTP session hijacking would be more formidable for attacking the progress of user web server utilization (Bursztein et al., 2012). Secure web server login would be helpful for dealing with HTTP session hijacking. The goal of the secure login is to deal with the hacking of the user's session along with personal data and information (Hanmanthu et al., 2015). The discussion of the report is based on the analysis of the available literature and articles on HTTP session hijacking. The discussion is ordered on the basis of importance and proof of statements. The analysis of the preventive measures is conceptual and it has been done by analyzing the various facts and data collected from different sources.

The generation of session IDs, encryption and comparison of cookies would be helpful for forming the security of wireless networks. A strong and encrypted session would help in the formation of prevention models (Manivannan Sathiyamoorthy, 2014). The section headings used are the titles of the 3 articles used to form the literature review.

The client authorisation process for the modern web surfing structure can also be used for protecting against the occurrence of HTTP session hijacking (Mundada et al., 2014). The Newton tool divides the cookie sets into two for testing. One set is the login cookies and the second set is the non-login cookies. Newton tests the first cookie set from the top and the second cookie set from the bottom in an alternating pattern. The Newton algorithm stops when there are no more cookie sets left to test. Newton determines the authentication cookies from the client login and client logout example.

Relation of Available Literature on HTTP Session Hijacking

The use of automatic and robust protection for cookie-based sessions would be helpful for providing client-side protection.
The solution has been named one-time cookies and it can be used for preventing attacks on users' information (Dacosta et al., 2011). The session of the user is kept and stored secretly without any expensive synchronization requirement. The implementation of O. T. P. would be plugged in on the WordPress platform.

The issue of HTTP session hijacking could be dealt with by improving the security of web applications' session management (De Ryck, P. et al., 2014). The solution to the problem is based on a lightweight mechanism. A secret key value is established between the server and the browser, and it keeps an attacker from taking control of the client's session, as the key cannot be transmitted or acquired easily. The security properties are observed to be improved, raising the level of security for HTTP organizations.

Components like the HTTP session, flags, browser model, and Featherweight Firefox would be helpful for protecting the cookie-based session (Bugliesi et al., 2014).

Session hijacking is the most vital type of attack in networks. These attacks are launched by fake access points. The main objective of this paper is to identify the fake access points with the use of server nodes in the network. We also propose providing security against IP spoofing using an encrypted algorithm. Another method that can be used for protecting against IP spoofing and session hijacking is the use of sensor nodes (Abhishek Kumar Bharathi, 2014).

The researchers have studied the broken authentication attacks and the session management attacks in great depth and explained the process of the intrusions that occur. Preventive measures have also been proposed by the researchers in the study, which is a selection of the existing preventive measures available today.
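As an added illustration of the secret-key idea described above (example code written for this review, not taken from the cited papers or their implementations): the server and client hold a per-session key that is never sent with requests, and each request carries an HMAC tag and a strictly increasing nonce, so a captured session ID or a replayed request is rejected. The class and function names, the nonce scheme, and the delivery of the key once over a protected channel at login are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def sign(key, sid, method, path, nonce):
    """HMAC-SHA256 tag binding the session ID, request line and nonce to the key."""
    msg = "\n".join([sid, method, path, str(nonce)]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Server:
    def __init__(self):
        self.sessions = {}  # session ID -> {"key": bytes, "last_nonce": int}

    def login(self):
        sid = secrets.token_urlsafe(16)
        key = secrets.token_bytes(32)
        self.sessions[sid] = {"key": key, "last_nonce": 0}
        # Assumption: the key reaches the client once, over a protected channel.
        return sid, key

    def verify(self, sid, method, path, nonce, tag):
        s = self.sessions.get(sid)
        if s is None or nonce <= s["last_nonce"]:
            return False  # unknown session, or a replayed/stale nonce
        expected = sign(s["key"], sid, method, path, nonce)
        if not hmac.compare_digest(expected, tag):
            return False  # tag was not produced with the session key
        s["last_nonce"] = nonce
        return True


def demo():
    """Constructed scenario: one legitimate client and three misuse attempts."""
    server = Server()
    sid, key = server.login()
    tag = sign(key, sid, "GET", "/account", 1)
    results = {"legit": server.verify(sid, "GET", "/account", 1, tag)}
    # A captured request (session ID, nonce and tag) is sent a second time.
    results["replay"] = server.verify(sid, "GET", "/account", 1, tag)
    # The captured tag is reused for a different request with a fresh nonce.
    results["tampered_path"] = server.verify(sid, "POST", "/transfer", 2, tag)
    # Only the session ID is known, so the tag is made with a guessed key.
    forged = sign(secrets.token_bytes(32), sid, "GET", "/account", 2)
    results["stolen_id_only"] = server.verify(sid, "GET", "/account", 2, forged)
    # The legitimate client is unaffected and continues with the next nonce.
    results["next_legit"] = server.verify(
        sid, "GET", "/account", 2, sign(key, sid, "GET", "/account", 2))
    return results


if __name__ == "__main__":
    print(demo())
```
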
Hence, it can be said that all the available literature is based on the verification of designs and the adaptability of new tools for the prevention of HTTP session hijacking. HTTP session hijacking would result in the extraction of personal information from the user's web session. According to Thiago Rocha (2014), web surfing stores information in the form of cookies, and the hackers get into the web server system to access the information and use it for their personal use.

Justification of the Assignment with the Research Available

The research paper has been able to assist in making and distinctly analyzing the preventive measures for HTTP session hijacking for the operations of business organizations and human use. The study has been done by concentrating on the development of the preventive measures for HTTP session hijacking and supporting ease of web server processing. The assignment has been done by focusing on the issues faced by users due to HTTP session hijacking on web service storage. The study has shown a critical evaluation of the issues of HTTP session hijacking. The research done in this assignment would be helpful for providing an overview of the preventive measures for HTTP session hijacking.

Conclusion

The review of the various literature results in finding methods for implementing the prevention of HTTP session hijacking. The use of preventive methods plays a crucial role in considering all the safety measures, achieving the security considerations, and supporting the foundation of solutions for preventing HTTP session hijacking. The use of different source-routed packets for IP configuration would be helpful for supporting network participation and encouraging IP packets to pass through B's machine. The study would be helpful for developing an idea of the preventive measures for HTTP session hijacking and their implications for the development of commercial operations.
The research has been done using a conceptual methodology for the purpose of the study. The conceptual analysis of HTTP session hijacking was based on the available studies and articles. The critical analysis of the topic has yielded the benefits and drawbacks of the commercial usage of preventions for HTTP session hijacking. The structure of the research includes a basic introduction defining the topic of study, data collection methods, evaluation of the available literature, forming a thesis on the topic, and concluding the topic.

References

Abhishek Kumar Bharathi, M. C. (2014). Prevention of session hijacking and IP spoofing with sensor nodes and cryptographic approach. International Journal of Sciences: Basic and Applied Research (IJSBAR).

Bugliesi, M., Calzavara, S., Focardi, R., and Khan, W. (2014). Automatic and Robust Client-Side Protection for Cookie-Based Sessions, pp. 161-168. PDF, retrieved on Dec 9th 2016.

Bursztein, E., Soman, C., Boneh, D., Mitchell, J. C. (2012). Session Juggler: Secure Web Login From an Untrusted Terminal Using Session Hijacking, 978(1), 321-330. PDF, retrieved on Dec 8th 2016.

Dacosta, I., Chakradeo, S., Ahamad, M., Traynor, P. (2011). One-time cookies: Preventing session hijacking attacks with disposable credentials.

De Ryck, P., Desmet, L., Piessens, F., Joosen, W. (2014). Improving the Security of Session Management in Web Applications, pp. 1-13. PDF, retrieved on Dec 8th 2016.

Hanmanthu, B., Ram, R., Niranjan, P. (2015). Decision tree classification. SQL Injection Attack Prevention Based on Decision tree classification, 1-5.

Manivannan, S., Sathiyamoorthy, E. (2014). A Prevention Model for Session Hijack Attacks in Wireless Networks Using Strong and Encrypted Session ID. Cybernetics And Information Technologies, 14(3).

Mundada, Y., Feamster, N., Krishnamurthy, B., Guha, S., Levin, D. (2014). Half-Baked Cookies: Client Authentication on the Modern Web.

Nagpal, B., Chauhan, N., Singh, Nanhay, Shatma, P. (2014). Preventive Measures for Securing Web Applications using Broken Authentication and Session Management Attacks: a Study, 24(81), 1-3. Discovery, retrieved on Dec 9th 2016.

Nishanth, N., Babu, S. (2014). Sequence Number Alteration by Logical Transformation (SALT): A Novel Method for Defending Session Hijacking Attack in Mobile Ad hoc Network. International Journal Of Computer And Communication Engineering, 3(5), 338-342.

Raymond Lukanta, Y. A. (2014). Scanning tool for session management vulnerabilities. A Vulnerability Scanning Tool for session management vulnerabilities, 6.

Shashank, K., Shah, P., Bhavsar, K., Gandhi, S. (2013). Frontline Techniques to Prevent Web Application Vulnerability. International Journal Of Advanced Research In Computer Science And Electronics Engineering (IJARCSEE), 2(2), 2-5.

Sum Keng Chung, Ow Chee Yee, Manmeet Mahinderjit Singh, Rohail Hassan. (2014). Preventing session hijacking. SQL Injections Attack and session hijacking on E-learning systems, 5.

Thiago S. Rocha, E. S. (2014). ETSS detector tool. ETSSDetector: a tool to automatically detect Cross-Site scripting vulnerabilities.

Weaver, N., Kreibich, C., Dam, M., Paxson, V. (2013). Here Be Web Proxies, pp. 1-10. PDF, retrieved on Dec 9th 2016.

Yogesh Mundada, Y., Feamster, N., Krishnamurthy, B., Guha, S., Levin, D. (2014). Half-Baked Cookies: Client Authentication on the Modern Web, pp. 1-6. PDF, retrieved on Dec 9th 2016.
