{"id":2619,"date":"2021-10-28T11:30:00","date_gmt":"2021-10-28T11:30:00","guid":{"rendered":"https:\/\/sectigostore.com\/blog\/?p=2619"},"modified":"2021-10-22T20:16:53","modified_gmt":"2021-10-22T20:16:53","slug":"session-hijacking-attacks-session-hijacking-explained","status":"publish","type":"post","link":"https:\/\/sectigostore.com\/blog\/session-hijacking-attacks-session-hijacking-explained\/","title":{"rendered":"A Look at Session Hijacking Attacks: Session Hijacking Explained"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">After four long years, <a href=\"https:\/\/portswigger.net\/daily-swig\/owasp-shakes-up-web-app-threat-categories-with-release-of-draft-top-10\">OWASP<\/a> released their new list of the top 10 web application security threat categories. This list includes XSS injections and session fixation attacks, both of which are considered session hijacking attack methods. Let\u2019s explore what session hijacking is and why it matters to your organization<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A visual representation of session hijacking or cookie jacking where the cookies used by a web application are hacked by cybercriminals. (Made using Canva)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Thousands of Facebook accounts have been compromised since March 2021 due to a session hijacking malware called <a href=\"https:\/\/blog.zimperium.com\/flytrap-android-malware-compromises-thousands-of-facebook-accounts\/?web=1&amp;wdLOR=cAF041CB5-2C0B-47C0-A628-CDC50FFB8731\">FlyTrap<\/a>. FlyTrap spread across 10,000 victims as an Android Trojan. 
The malware could collect a variety of victims\u2019 data, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Facebook IDs<\/li><li>Locations<\/li><li>Email addresses<\/li><li>IP addresses<\/li><li>Cookies and Tokens associated with Facebook accounts<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">These hijacked sessions were used to spread malware and disinformation by abusing the victim\u2019s social credibility. But what is a session hijacking and how does it work? Why is it a threat to your business and customers? And what can you do to prevent session hijacking attacks?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Is Session Hijacking?<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"737\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/session-hijacking-fun-illustration-1024x737.png\" alt=\"A silly, fun and creative illustration of a session hijacking attack\" class=\"wp-image-2621\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/session-hijacking-fun-illustration-1024x737.png 1024w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/session-hijacking-fun-illustration-300x216.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/session-hijacking-fun-illustration-560x403.png 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/session-hijacking-fun-illustration-1536x1105.png 1536w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/session-hijacking-fun-illustration-2048x1474.png 2048w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/session-hijacking-fun-illustration-940x676.png 940w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Here&#8217;s a fun and silly illustration to bring a bit of levity to an otherwise serious topic.<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">In the most general terms, session 
hijacking, or \u201csession sidejacking\u201d is a type of cyber attack that involves an attacker taking over or \u201chijacking\u201d your active web session. (A session is your connection to a website \u2014 like when you log on to pay bills or check your email.) Bad guys can do this by stealing or even guessing the unique identifier (i.e., a cookie or a string of numbers) that a website has assigned to your session to pretend that they\u2019re you.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">What session hijacking does is give the bad guy unauthorized access to the site as you, meaning that they can see everything relating to your account. This includes everything from seeing your personal or payment card-related information to performing fraudulent activities in your name. A session hijacking attack can occur in real time, or an attacker can use the session ID to impersonate you at a time that\u2019s more convenient for them.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Session hijacking can occur in several ways (which we\u2019ll speak about more in-depth in a few moments). However, these types of <a class=\"wpil_keyword_link \" href=\"https:\/\/sectigostore.com\/blog\/10-different-types-of-cyber-attacks-how-they-work\/\" title=\"cyber attacks\" data-wpil-keyword-link=\"linked\">cyber attacks<\/a> typically fall into one of two categories:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Web application attacks.<\/strong> This first category, which is what we\u2019ll mainly focus on in this article, revolves around cybercriminals stealing your identifying token (such as a cookie, a string of numbers that uniquely identifies you to the website) when you first connect to a website. This is why these types of session hijacking are also sometimes known as cookie stealing or cookie hijacking.&nbsp;<\/li><li><strong>Network layer attacks.<\/strong> This second category, also known as TCP session hijacking, works on the transport layer. 
This process involves stealing data packets while they\u2019re in transit from your device to the website\u2019s server.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Why Session Hijacking Is Dangerous for Users and Businesses<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">To understand the dangers of session hijacking and why it\u2019s such a threat to your users and organization, let\u2019s consider the following scenario.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Say you have an eCommerce website. If a criminal gets ahold of the session ID of your employee or any other user, they can do one or more of the following (depending on which account they can access):<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>View or change the user\u2019s account information (they can view personal information and payment account information, change the user\u2019s login credentials, etc.).<\/li><li>Make fraudulent purchases or other transactions (such as money transfers) on behalf of that user.<\/li><li>Access secure company resources and steal data, which can result in a data breach.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The results of a data breach can be catastrophic. <a href=\"https:\/\/www.ibm.com\/downloads\/cas\/OJDVQGRY\">IBM<\/a> reported some interesting results after conducting research on data breaches. 
Some of the findings include the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The average cost of a data breach increased 10%, from $3.86 million in 2020 to $4.24 million in 2021.<ul><li>These data breach costs represent the largest year-over-year increase in the last seven years.<\/li><li>A cost difference of $1.07 million was observed when remote work was a factor in the data breach.<\/li><\/ul><\/li><li>38% of the cost of a data breach could be attributed to loss of business.<\/li><li>Personally identifiable information (PII) costs an average of $180 per record.<\/li><li>20% of the breaches had compromised credentials as the initial attack vector.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Like the rest of us in cyber security, IBM is rooting for organizations to achieve higher standards in security AI and automation, zero trust, and cloud security to reduce the costs associated with data breaches. But in order to achieve higher security, organizations need to understand the various types of threats that exist.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Session Hijacking vs. Session Spoofing<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Session hijacking and session spoofing are both types of attacks where a cybercriminal takes over a victim\u2019s session. The principal difference between session hijacking and session spoofing is the timing of the attack. In session hijacking, a criminal will carry out the attack while the victim is logged in to the system. In session spoofing, by contrast, the attacker will log in to the victim\u2019s account with the help of stolen credentials when the victim is not logged in.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Session Hijacking Works<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A cybercriminal can hijack the session of the victim by stealing the session ID or a session cookie to make the server believe that the criminal is the legitimate user. 
The bad guys can also hijack the session by persuading the victim to log in using a compromised session ID. There are mainly two ways in which the cybercriminal can carry out these attacks:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>By installing malicious software on the victim\u2019s device, or<\/li><li>By sending out phishing emails and tricking the victims into logging in.<\/li><\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Of course, session hijacking attacks can be carried out in different ways. Let\u2019s look at them in more detail.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How Web Application Session Hijacking Works<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Generally, web application session hijacking involves the criminal stealing the target\u2019s session ID or their session cookie by sending out phishing emails\/links to the victim. Once the victim logs in using this link, the criminal is in and will be able to read or change the information transmitted.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The following figure is a representation of how web application session hijacking works:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"653\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-session-hijacking-works-1024x653.png\" alt=\"An basic illustration of how session hijacking works\" class=\"wp-image-2622\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-session-hijacking-works-1024x653.png 1024w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-session-hijacking-works-300x191.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-session-hijacking-works-560x357.png 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-session-hijacking-works-940x600.png 940w, 
https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-session-hijacking-works.png 1100w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>A basic illustration showing how session hijacking works in a general sense.<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">So, what exactly are a session, a session key, and a cookie? How do they factor into the session hijacking scenario?<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">A Web App Session Is Like Using a Valet Service\u2026 You Don\u2019t Want Your Keys in the Wrong Hands<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s understand everything with the help of an example. If you go to a restaurant and use their valet service to park your car, you hire the service for a short bracket of time. It can be compared to the session you have online. Essentially, a session is a time slot assigned to a specific user during which the server will remember all their activities and will track different connections from the same user.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Continuing the example, when you ask a valet to park your car, he will take your car and give you a token. This token is not your actual car, but the valet will return your car once you show him your token. The valet will hand over your car to anybody who has that specific token.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Technically, a session key or token is a unique ID consisting of alphanumeric characters that identifies the session. When the user makes requests to the server, this session key is used as a reference. It is akin to the unique ID on the token you receive from the valet service for your car.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">An internet cookie, or HTTP cookie, is like a valet token in this scenario. Just as the valet token contains the details about your car, including its registration number, a cookie contains all the details of your online session. 
You can retrieve your car by presenting the token to the valet service.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The following figure represents the relationship between the session, session key, and cookie:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"970\" height=\"373\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/what-is-a-session.png\" alt=\"A basic illustration of a web session\" class=\"wp-image-2623\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/what-is-a-session.png 970w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/what-is-a-session-300x115.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/what-is-a-session-560x215.png 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/what-is-a-session-940x361.png 940w\" sizes=\"auto, (max-width: 970px) 100vw, 970px\" \/><figcaption>A basic illustration explaining the concept of a session on the internet<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Moreover, it doesn\u2019t matter who presents the token; the valet will give access to your car to that person. This means that if a cybercriminal gets ahold of your cookie, the server would not be able to differentiate them from you, so they\u2019ll share the session details with them. This process would give the attacker access to your account and the ability to perform actions that you normally would as a legitimate user.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How TCP Session Hijacking Works<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">TCP session hijacking involves an attacker inserting malicious code to impersonate a victim\u2019s device. Once such code is inserted, the server will consider the attacker as the legitimate user. 
To understand TCP session hijacking, it is important to know what TCP is and how it works.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">What Is TCP?<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">The transmission control protocol (TCP) is a protocol used on top of the internet protocol (IP) to transfer data packets reliably. TCP handles lost packets, duplicate or corrupted packets, and out-of-order packets while transporting data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">TCP uses a three-way handshake to connect the client and server. The client sends a random sequence number (X) to the server. The server acknowledges it by replying with that number plus 1 (X+1) and adds a random sequence number of its own (Y). The client acknowledges that number by replying with it plus 1 (Y+1). The following figure shows this three-way handshake:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/tcp-ip-3-way-handshake-1024x390.png\" alt=\"A basic illustration of a TCP\/IP three-way handshake\" class=\"wp-image-2624\" width=\"840\" height=\"319\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/tcp-ip-3-way-handshake-1024x390.png 1024w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/tcp-ip-3-way-handshake-300x114.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/tcp-ip-3-way-handshake-560x213.png 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/tcp-ip-3-way-handshake-940x358.png 940w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/tcp-ip-3-way-handshake.png 1123w\" sizes=\"auto, (max-width: 840px) 100vw, 840px\" \/><figcaption>A basic visual illustration that demonstrates how the TCP\/IP three-way handshake works.<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">A cybercriminal might place themselves on the port used 
by TCP\/IP to sniff the source-routed IP packets at the network level. They will respond to the server with the correct ACK message. The server will consider the reply as coming from the legitimate user and grant access to the attacker. The man-in-the-middle (MitM) attacker will hijack the session without the server ever knowing about it. The following figure shows how the attacker can hijack the session using TCP:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"584\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-tcp-session-hijacking-occurs-1024x584.png\" alt=\"A basic illustration of how a TCP\/IP session hijacking attack works\" class=\"wp-image-2625\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-tcp-session-hijacking-occurs-1024x584.png 1024w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-tcp-session-hijacking-occurs-300x171.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-tcp-session-hijacking-occurs-560x319.png 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-tcp-session-hijacking-occurs-940x536.png 940w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-tcp-session-hijacking-occurs.png 1061w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>A basic illustration showing how a cybercriminal carries out a TCP session hijacking attack.<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">For TCP session hijacking, the criminal needs to see the TCP and IP headers and packet payloads. To get into a position to intercept this traffic, they often use a method called ARP poisoning. 
The following video explains the man-in-the-middle attack by ARP (Address resolution protocol) poisoning in a simple way:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"What is a Man-in-the-Middle Attack?\" width=\"940\" height=\"529\" src=\"https:\/\/www.youtube.com\/embed\/stMj5jlu1-4?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">3 Methods of Session Hijacking (And 1 Closely Related Attack Method)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A cybercriminal can use various methods to hijack your session. They can also use a combination of methods to carry out a session hijacking attack. Let\u2019s look at some of the most commonly used methods of session hijacking as well as some other closely related attack methods.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1.\u00a0Session Sidejacking<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/capec.mitre.org\/data\/definitions\/102.html\">Session sidejacking<\/a> is a method of session hijacking where an attacker sniffs the traffic for session cookies on an unencrypted communication channel. Once they find cookies, they can use them to impersonate the victim and hijack their session.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">An attacker can easily set up a Wi-Fi network and offer it for free. Some criminals name these free Wi-Fi networks with names that sound authentic, like \u201cBaer County Free Wi-Fi\u201d or \u201cAT&amp;T Free Wi-Fi\u201d to attract potential victims. The unsuspecting users will start using this Wi-Fi and browse the internet. 
Many outlets genuinely offer free Wi-Fi to their customers, but they cannot control who connects.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Criminals treat these open Wi-Fi networks as bait to attract and ensnare victims. As soon as the victims log on to websites that protect only their login pages with HTTPS and click through to an unencrypted page, the criminals can sniff their traffic and hijack their session.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The method in which the cybercriminal sniffs the data packets transferred between two nodes on the internet to steal the session cookie is called session sidejacking or session sniffing. Open wireless networks or hotspots help criminals lure users to their network, and unsecured websites help them to steal users\u2019 session cookies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2.\u00a0Cross-Site Scripting (XSS)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A <a href=\"https:\/\/sectigostore.com\/blog\/what-is-cross-site-scripting-how-to-prevent-cross-site-scripting-attacks\/\">cross-site scripting (XSS) attack<\/a> tricks the browser into executing malicious code by hiding it in content that comes from a trusted server. The device will execute this malicious code, assuming it to be safe. However, this code helps the attacker to steal cookies.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">According to <a href=\"https:\/\/info.edgescan.com\/vulnerability-stats-report-2021\">Edgescan<\/a>, cross-site scripting (XSS) was the leading reason behind high-risk security vulnerabilities (37.2%) in application security in 2020. The method of session hijacking targeting the vulnerabilities in web applications is known as cross-site scripting or XSS. A criminal deceives the client device into running malicious code that appears to be legitimate code from the server. 
When the client device runs this code, the criminal gets a foothold on the device, allowing them to obtain the cookies and hijack the session.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">All major browsers have a basic security feature called the same-origin policy (SOP), under which a website can only access code and data from the same origin. The browser will consider URLs with the same URL scheme, hostname, and port number to be from the same origin and share permissions among them.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A cross-site scripting (XSS) attack is more than just a method of session hijacking. XSS attacks inject malicious code, generally JavaScript, into vulnerable web pages processed by the user\u2019s client (browser) by exploiting server and application vulnerabilities. Because the browser trusts that the page\u2019s code is legitimate, it\u2019ll then share sensitive data. This will allow cybercriminals to hijack the session and steal sensitive information.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The following video is an excellent explanation of XSS:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Cracking Websites with Cross Site Scripting - Computerphile\" width=\"940\" height=\"529\" src=\"https:\/\/www.youtube.com\/embed\/L5l9lSnNMxg?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">3.\u00a0Session Hijacking Using Brute Force<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Sometimes, the session ID is built from predictable values like the user\u2019s IP address along with the date and time of the user\u2019s login. 
Cybercriminals can guess these kinds of identifiable patterns by carrying out a brute force attack.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A brute force attack is a method that cybercriminals use to bypass traditional login methods and force their way into an account. They do this by repeatedly attempting to log in by guessing username-password combinations. The same concept applies here to session IDs for session hijacking \u2014 an attacker can try their hand at guessing session IDs until they find one that works. When shorter session IDs are used, brute force attacks become simpler to perform.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Session Fixation<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Although session fixation attacks are closely related to session hijacking, they are slightly different from session hijacking attacks. A session fixation attack is a cyber attack where the criminal gains access to the user\u2019s session by luring the victim into logging in on a website using a compromised session ID.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Session fixation attacks are carried out by taking advantage of a security mechanism vulnerability that allows one person to set (fixate) the session ID for another person. It can occur in one of several ways depending on how your site is coded and organized.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Session Fixation Method One: Stealing a User\u2019s Session ID<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">A criminal might send a phishing email to the victim containing a link that contains a session ID. When the victim clicks on the link, they will see a familiar login page. When they enter their credentials, the attacker will know the session ID used. The attacker will be able to carry out all the functions the victim could perform on their account.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s compare it to the valet metaphor. 
A bad guy can dress up as the valet, and you will give him the token of your car parked earlier. The attacker will take the token and go to the real valet, who will hand over your car to him, thinking it\u2019s the legitimate owner (you). Your car will be stolen with a compromised token.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"658\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-session-fixation-works-1024x658.png\" alt=\"An basic illustration of how session fixation works\" class=\"wp-image-2626\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-session-fixation-works-1024x658.png 1024w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-session-fixation-works-300x193.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-session-fixation-works-560x360.png 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-session-fixation-works-940x604.png 940w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/how-session-fixation-works.png 1059w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>A basic illustration that demonstrates how a session fixation attack occurs.<\/figcaption><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Session Fixation Method Two: Stealing Users\u2019 Login Credentials<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s explore another way in which a session fixation attack can work:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>The attacker goes on the targeted website.<\/li><li>The website sends a legitimate session ID to the attacker.<\/li><li>The attacker will send the same session ID to the victim via a phishing link. 
However, instead of sending them to the legitimate website, they\u2019ll divert the victim to a fake site.<\/li><li>Because the fake site is designed to look legitimate, the victim logs in to their account thinking that the phishing site is real.<\/li><li>The attacker will collect the login credentials from the fake site and log in as the victim on the original site, impersonating the victim and thus fixating the session.<\/li><\/ol>\n\n\n\n<h4 class=\"wp-block-heading\">Session Fixation Method Three: Using a Phony Subdomain<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">The third way to carry out session fixation is when an untrusted site gives out its subdomains to a fishy third party (attacker). The attacker will lure the victim into using this website. When the victim logs in, a session cookie is created in the victim\u2019s browser. The attacker accesses the cookie from the subdomain by sending a request. The attacker thus gains access to the victim\u2019s account for that session.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This method is harder for an attacker to pull off because they\u2019d need to have access to one of the domain\u2019s subdomains.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to Prevent Session Hijacking Attacks<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Isn\u2019t it scary to see so many methods used for session hijacking? However, implementing preventive and security measures can help you secure your session. Cybercriminals take different routes for each session hijacking method; hence, security experts must devise different measures to foil their attacks and put a stop to these threats.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Use Encryption on Your Website (Enable HTTPS)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The most reliable method to have secure communication on an untrusted network is to use SSL\/TLS encryption. Many website owners buy SSL certificates only for their login page. 
Other pages or subdomains on the website are unprotected.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Encryption is the key (pun intended) to secure online communication. SSL\/TLS certificates should be used on the <em>entire<\/em> site to encrypt all traffic between the client and the server: everything from your primary domain to your least trafficked subdomains.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Some site owners make the mistake of securing only the login page. That protects the password in transit, but the session cookie issued after login then has to travel over plain HTTP to every other page, where anyone on the network path can read it and replay it. To avoid this, enable HTTPS across the entire site and send a Strict-Transport-Security header so that browsers never fall back to plain HTTP.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Implement Session ID Hygiene<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If you follow certain rules when generating and handling session IDs, attackers will have a hard time guessing, stealing or planting one. The following steps will give you better session ID hygiene:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>Generate session IDs with a cryptographically secure random number generator. Never derive them from a pattern, a counter, a timestamp or user data, all of which an attacker can predict.<\/li><li>Regenerate the session ID on every login, and on any change of privilege level, to prevent session fixation: an ID an attacker planted or observed before authentication is then worthless afterwards.<\/li><li>Accept server-generated session IDs only. If a client presents an ID the server did not issue, treat it as no session and issue a fresh one; never adopt the client\u2019s value.<\/li><li>Use long session IDs (OWASP recommends at least 64 bits of entropy) so that brute-force guessing is infeasible.<\/li><li>Never carry the session ID in URLs or POST variables. A session ID in a URL leaks through browser history, proxy and server logs, bookmarks and the Referer header; use a cookie instead.<\/li><li>Implement time-outs for inactive sessions, and an absolute session lifetime as well, to shrink the window in which a stolen ID is useful. 
A new session ID can be generated the next time the user logs in.<\/li><\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Another option recommended by <a href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Session_Management_Cheat_Sheet.html\">OWASP\u2019s Session Management Cheat Sheet<\/a> is to bind client properties such as the client IP address or the User-Agent header to the session ID to help prevent unauthorized access:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em>\u201cIf the web application detects any change or anomaly between these different properties in the middle of an established session, this is a very good indicator of session manipulation and hijacking attempts, and this simple fact can be used to alert and\/or terminate the suspicious session.\u201d<\/em><\/p><\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Binding to the IP address needs care: users on mobile networks or behind load-balanced proxies change addresses legitimately, so many applications bind to the User-Agent only and treat an IP change as something to alert on rather than a reason to terminate the session.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Practice Good Cookie Security Hygiene<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If you follow some practical rules for issuing cookies, you get a higher level of security. Let\u2019s look at how you can secure your \u201ccookie jar\u201d against attackers:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li><strong>Use HTTPS to send cookies.<\/strong> The application server should set the Secure flag when it issues the session cookie so that the browser sends it over HTTPS only (never over insecure HTTP). Set the HttpOnly flag at the same time so that script injected through XSS cannot read the cookie, and the SameSite attribute so that the browser does not attach it to requests started from other sites.<\/li><li><strong>Rotate the session cookie.<\/strong> Issue a fresh value at login, on every privilege change and on a fixed schedule during long sessions, so that a stolen value has a short useful life. 
Rotating on every single request is rarely practical: parallel requests from the same browser (several tabs, background API calls) race one another and the user gets logged out. Rotation at login, on privilege changes and on a schedule gives most of the benefit without that cost.<\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Ensure Website Users Follow Security Hygiene<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If you are a website user, you should follow some practices to protect your website sessions from session hijacking attacks:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>Don\u2019t click on suspicious links from emails or other sources.<\/li><li>Delete suspicious emails and text messages that ask you to follow a link.<\/li><li>Log out when you are done with a sensitive site instead of just closing the tab. Logging out makes the server invalidate the session ID; closing the tab leaves it live until it times out. (Checking the Referer header is the site\u2019s job, not yours: when your browser follows a link it tells the destination which page the link came from, and an application can reject requests whose Referer or Origin is not its own domain and terminate the session.)<\/li><li>Never leave your device unattended or unlocked when it\u2019s not in use or within your physical possession.<\/li><li>Enable <a href=\"https:\/\/sectigostore.com\/blog\/what-is-multi-factor-authentication-and-how-does-it-differ-from-2fa-sfa\/\">two-factor authentication (2FA) or multi-factor authentication (MFA)<\/a> on your accounts for added security. Keep in mind that MFA protects the login step; an attacker who steals the session cookie issued after you log in is already past it, which is why the server-side rules above matter as well.<\/li><li>Use anti-malware software and a firewall to protect your endpoint devices and network from attackers. Malware on the device can read cookies and tokens directly, and transport encryption does nothing against that.<\/li><li>Avoid using unknown and public wireless networks.<\/li><li>Don\u2019t use insecure websites (i.e., websites lacking HTTPS in the browser\u2019s address bar).<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Final Words on Session Hijacking<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A cybercriminal who hijacks a victim\u2019s session can do virtually anything the victim can do, because the server treats the attacker as the legitimate user. An attacker can steal money (transfer funds out of the victim\u2019s bank account) or steal sensitive information. 
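<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The session ID and cookie rules above, pulled together in working code. This is an added example, not code from the original post: the class and function names, the 15-minute idle timeout and the <code>__Host-session<\/code> cookie name are assumptions made for the example, and the User-Agent strings in it are constructed.<\/p>\n\n\n\n
```python
# Added example (not from the original post): a minimal server-side session
# store that applies the session ID and cookie rules discussed above. Names,
# the idle timeout and the cookie name are assumptions chosen for the example.
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

SESSION_ID_BYTES = 32            # 256 bits of CSPRNG output; OWASP asks for at least 64 bits
IDLE_TIMEOUT_SECONDS = 15 * 60   # assumed idle timeout; tune per application


@dataclass
class Session:
    user: Optional[str]   # None until the client has authenticated
    user_agent: str       # client property the session is bound to
    last_seen: float


class SessionStore:
    # Sessions live only in this server-side table; the client holds nothing but
    # the opaque ID, so a forged or attacker-chosen ID never resolves to a session.

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._sessions: Dict[str, Session] = {}

    @staticmethod
    def _new_id() -> str:
        # Cryptographically random: no pattern, timestamp or counter to predict.
        return secrets.token_urlsafe(SESSION_ID_BYTES)

    def create(self, user_agent: str) -> str:
        # Anonymous (pre-login) session, e.g. for a shopping cart.
        sid = self._new_id()
        self._sessions[sid] = Session(None, user_agent, self._clock())
        return sid

    def resolve(self, presented_id: Optional[str], user_agent: str) -> Optional[Session]:
        # Return the live session for a presented cookie value, or None.
        # Unknown IDs are rejected rather than adopted (blocks session fixation);
        # idle sessions expire; a changed bound property ends the session, which
        # is the OWASP 'anomaly between properties' check quoted above.
        if presented_id is None:
            return None
        session = self._sessions.get(presented_id)
        if session is None:
            return None
        now = self._clock()
        if now - session.last_seen > IDLE_TIMEOUT_SECONDS:
            self.destroy(presented_id)
            return None
        if not hmac.compare_digest(session.user_agent.encode(), user_agent.encode()):
            self.destroy(presented_id)   # in production also raise an alert here
            return None
        session.last_seen = now
        return session

    def login(self, presented_id: Optional[str], user_agent: str, user: str) -> str:
        # Authentication always rotates the ID: whatever ID the client had before
        # (possibly planted or sniffed by an attacker) is destroyed, and a fresh
        # server-generated ID is bound to the authenticated user. Do the same on
        # any privilege change.
        if presented_id is not None:
            self.destroy(presented_id)
        sid = self._new_id()
        self._sessions[sid] = Session(user, user_agent, self._clock())
        return sid

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def session_cookie(sid: str) -> str:
    # Set-Cookie value for the session ID: Secure keeps it off plain HTTP, HttpOnly
    # keeps it away from script injected via XSS, SameSite limits cross-site
    # sending, and the __Host- prefix makes browsers refuse the cookie unless it
    # is Secure, has Path=/ and carries no Domain attribute.
    return f'__Host-session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax'


if __name__ == '__main__':
    store = SessionStore()
    ua = 'Mozilla/5.0 (constructed sample User-Agent)'
    anonymous = store.create(ua)
    authenticated = store.login(anonymous, ua, 'alice')
    print('pre-login ID still valid?', store.resolve(anonymous, ua) is not None)   # False
    print('Set-Cookie:', session_cookie(authenticated))
```
\n\n\n\n<p class=\"wp-block-paragraph\">Two details carry the fixation defence: <code>resolve<\/code> never adopts an ID it did not issue, and <code>login<\/code> always discards the pre-login ID before minting a new one. The User-Agent comparison is the property-binding check the OWASP quotation describes; it uses a constant-time comparison so the check itself leaks nothing about the stored value.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">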
When the criminals get access to the victim\u2019s personally identifiable information (PII), they can carry out identity theft.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">There are several ways in which a criminal can hijack a session. You can protect your IT systems only by following a strict security regimen.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After four long years, OWASP released their new list of the top 10 web application security threat categories. This list includes XSS injections and session fixation attacks, both of which&#8230;<\/p>\n","protected":false},"author":19,"featured_media":2628,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[1],"tags":[211,212],"class_list":["post-2619","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-security","tag-session-hijacking","tag-session-hijacking-attacks","post-with-tags"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A Look at Session Hijacking Attacks: Session Hijacking Explained - InfoSec Insights<\/title>\n<meta name=\"description\" content=\"What is session hijacking? 
We&#039;ll break down what a session hijacking is, how it occurs, why it&#039;s dangerous and what you can do to prevent it.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sectigostore.com\/blog\/session-hijacking-attacks-session-hijacking-explained\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Look at Session Hijacking Attacks: Session Hijacking Explained - InfoSec Insights\" \/>\n<meta property=\"og:description\" content=\"What is session hijacking? We&#039;ll break down what a session hijacking is, how it occurs, why it&#039;s dangerous and what you can do to prevent it.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sectigostore.com\/blog\/session-hijacking-attacks-session-hijacking-explained\/\" \/>\n<meta property=\"og:site_name\" content=\"InfoSec Insights\" \/>\n<meta property=\"article:published_time\" content=\"2021-10-28T11:30:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/session-hijacking-feature.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1067\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Megha Thakkar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Megha Thakkar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"17 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/session-hijacking-attacks-session-hijacking-explained\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/session-hijacking-attacks-session-hijacking-explained\\\/\"},\"author\":{\"name\":\"Megha Thakkar\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/77f01ec498571464bae513fa5bfd42da\"},\"headline\":\"A Look at Session Hijacking Attacks: Session Hijacking Explained\",\"datePublished\":\"2021-10-28T11:30:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/session-hijacking-attacks-session-hijacking-explained\\\/\"},\"wordCount\":3592,\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/session-hijacking-attacks-session-hijacking-explained\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/session-hijacking-feature.jpg\",\"keywords\":[\"session hijacking\",\"session hijacking attacks\"],\"articleSection\":[\"Web Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/session-hijacking-attacks-session-hijacking-explained\\\/\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/session-hijacking-attacks-session-hijacking-explained\\\/\",\"name\":\"A Look at Session Hijacking Attacks: Session Hijacking Explained - InfoSec 
Insights\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/session-hijacking-attacks-session-hijacking-explained\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/session-hijacking-attacks-session-hijacking-explained\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/session-hijacking-feature.jpg\",\"datePublished\":\"2021-10-28T11:30:00+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/77f01ec498571464bae513fa5bfd42da\"},\"description\":\"What is session hijacking? We'll break down what a session hijacking is, how it occurs, why it's dangerous and what you can do to prevent it.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/session-hijacking-attacks-session-hijacking-explained\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sectigostore.com\\\/blog\\\/session-hijacking-attacks-session-hijacking-explained\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/session-hijacking-attacks-session-hijacking-explained\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/session-hijacking-feature.jpg\",\"contentUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/session-hijacking-feature.jpg\",\"width\":1600,\"height\":1067},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/session-hijacking-attacks-session-hijacking-explained\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A Look at Session 
Hijacking Attacks: Session Hijacking Explained\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\",\"name\":\"InfoSec Insights\",\"description\":\"SectigoStore.com Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/77f01ec498571464bae513fa5bfd42da\",\"name\":\"Megha Thakkar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g\",\"caption\":\"Megha Thakkar\"},\"description\":\"Megha can usually be found reading, writing, or watching documentaries, guaranteed to bore her family. She is a techno-freak with interests ranging from cooking to travel. A regular contributor to various web security blogs, she has earned her diploma in network-centric computing. Being a mother has taught her to speak less and write more (coz who listens to moms, right?).\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A Look at Session Hijacking Attacks: Session Hijacking Explained - InfoSec Insights","description":"What is session hijacking? 
We'll break down what a session hijacking is, how it occurs, why it's dangerous and what you can do to prevent it."}}