Closing the Biggest Hole in Web Application Delivery: Session Hijacking
Since the beginning of web application delivery, there has been an opportunity for fraudsters to get into the middle of a transaction and impersonate the legitimate user. Since the credentials used for this fraud are valid and "expected to be under the control of the real user," this type of impersonation has been difficult if not impossible to detect and stop.
The threat of "session hijacking" is an area of growing concern among enterprises with assets to protect, while at the same time providing easy, yet secure access to their users. It is one of the leading security issues facing enterprises today. Many leading experts identify "session hijacking" as a nearly permanent security risk.
This white paper provides an overview of:
- The importance of "continuous authentication";
- Extending continuous session assurance into the application;
- A solution to address session hijacking.