Protection against session fixation attacks

In this article I will discuss how to prevent session fixation attacks.

If you do not have a clear understanding of session fixation attacks, first go through the Wikipedia page on Session Fixation at the following link:

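The core defence against session fixation is that the server never adopts a session identifier it did not issue itself, and that it issues a fresh identifier whenever the session's privilege level changes (most importantly at login). The following is an added illustration of that rule in plain Python; it is not code from the article, and the `SessionStore` class, the in-memory user table and the passwords in it are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed demo user table (not from the article): username -> password.
# A real system would store salted password hashes, not plaintext.
_USERS = {"alice": "correct horse battery staple"}


def check_password(user: str, password: str) -> bool:
    """Constant-time comparison against the constructed user table."""
    expected = _USERS.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


@dataclass
class Session:
    user: Optional[str] = None            # None until a successful login
    data: Dict[str, str] = field(default_factory=dict)


class SessionStore:
    """Server-side session store with two anti-fixation rules:
    1. A client-presented ID is honoured only if this server issued it; any
       other value (e.g. one planted by an attacker) is ignored and replaced.
    2. Login always rotates the ID, so an ID known to an attacker before
       authentication never maps to the authenticated session afterwards.
    """

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    @staticmethod
    def _new_id() -> str:
        # 256 bits from the OS CSPRNG; unguessable, so presenting an
        # unissued ID cannot succeed by luck.
        return secrets.token_urlsafe(32)

    def resolve(self, presented_id: Optional[str]) -> Tuple[str, Session]:
        """Return (session_id, session) for a request.

        Only IDs already in the store are accepted. Anything else, including
        an attacker-chosen string passed in a cookie or URL, gets a brand-new
        server-generated session instead of being adopted as-is.
        """
        if presented_id is not None and presented_id in self._sessions:
            return presented_id, self._sessions[presented_id]
        sid = self._new_id()
        self._sessions[sid] = Session()
        return sid, self._sessions[sid]

    def login(self, presented_id: Optional[str], user: str, password: str) -> Optional[str]:
        """Authenticate and ROTATE the session ID. Returns the new ID, or None on failure."""
        if not check_password(user, password):
            return None
        old_id, old_session = self.resolve(presented_id)
        new_id = self._new_id()
        # Carry pre-login state forward (e.g. a shopping cart) under the new ID
        # and invalidate the old one so a fixed/leaked ID becomes useless.
        self._sessions[new_id] = Session(user=user, data=dict(old_session.data))
        self._sessions.pop(old_id, None)
        return new_id

    def logout(self, session_id: str) -> None:
        """Invalidate server-side; deleting the cookie alone is not enough."""
        self._sessions.pop(session_id, None)

    def user_for(self, session_id: str) -> Optional[str]:
        """Who is authenticated under this ID, without creating a session."""
        session = self._sessions.get(session_id)
        return session.user if session is not None else None


def fixation_scenario() -> dict:
    """Walk through the classic attack: attacker obtains an ID, plants it on
    the victim, victim logs in. Returns the IDs involved so the outcome can be checked."""
    store = SessionStore()
    attacker_id, _ = store.resolve(None)          # attacker gets a real, unauthenticated session
    victim_id = store.login(attacker_id, "alice", "correct horse battery staple")
    return {
        "attacker_id": attacker_id,
        "victim_id": victim_id,
        "attacker_sees_user": store.user_for(attacker_id),   # should stay None
        "victim_user": store.user_for(victim_id) if victim_id else None,
    }
```

Without the rotation in `login`, the attacker's `attacker_id` would map to Alice's authenticated session after she logs in; with it, the planted ID is deleted and only the freshly issued ID carries the login. The same rotation should be applied at any other privilege change (password change, role elevation), and the cookie carrying the ID should be `HttpOnly`, `Secure` and not accepted from the URL.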


Auditing Single Sign-On

In this article we will identify security risks in Single Sign-On (SSO) at the implementation and application levels. Later we will design a threat profile that can be used as a benchmark in security audits.

Organizations usually deploy multiple simple applications instead of a single complex one. This considerably reduces the complexity of business processes and also helps in implementing strong access control. But as the number of applications grows, authentication and user information management become a nightmare. Hence Single Sign-On (SSO) has emerged as a solution to this problem. As the term suggests, there is a single sign-on for all the applications in the organization.


Auditing Payment Gateway

In this article we will discuss the security concerns around payment gateways at different functional levels, and how to perform a security audit on a payment gateway to identify security risks at the application level.

A payment gateway is an online payment solution that enables merchants to accept payments online, including credit card, debit card, direct debit and real-time bank transfers. The gateway protects sensitive customer data such as credit card numbers and CVVs, net-banking credentials, etc., by encrypting the traffic so that the information passes securely between customer and merchant.