Simple play icon Course

Web Application Penetration Testing: Session Management Testing

by Clark Voss

Learn what to look for while penetration testing session management using OWASP principles including brute-forcing, taking advantage of poorly implemented session fixation, and POST and GET requests implemented incorrectly to find weak spots.

What you'll learn

Poorly implemented session management can allow an attacker to exploit poor controls and gain access to sensitive information. In Web Application Penetration Testing: Session Management Testing, you’ll learn how to find those vulnerabilities before the bad guys do. First, you'll explore cookies, what to look for during a pen-test, and how you can brute force your way passed the login prompt. Next, you'll learn how easy it can be to hijack someone else's session with session fixation. Finally, you’ll discover what session puzzling is and how to leverage it as an attacker. When you’re finished with this course, you'll have a solid understanding of what to look for while penetration testing session management.

About the author

Clark has over 17 years of experience in all facets of information technology, from Desktop Support, Network Administration, System Administration, Software Quality Control, and Software generation. Now Clark is focusing his efforts on Information Security. Clark has received his Offensive Security Certified Professional (OSCP) certification. He is currently part of the security team and is part of’s red team, participating in finding security vulnerabilities in everything f... more

Ready to upskill? Get started