Academic Hosting & Event Management Solutions
Session fixation is a vulnerability of web applications where a malicious attacker gains full control of a victim's web account without having to use the victim's credentials such as username and password. Extant defensive techniques and procedures are not completely effective against such attacks. The authors found that some 48% of Indonesian websites are vulnerable to such attacks because, contrary to best software engineering practices, many use default session management IDs generated by their development platforms. This paper presents procedures for identifying vulnerable websites and the results.