Encryption and session tokens --
- Session tokens include cookies, session IDs and hidden form fields.
- If a session token is exposed, an attacker can easily access the victim's data.
- So it is very important to protect the transmission of data between the client browser and the application server.
- This security applies to the transfer of sensitive session ID data. A personal (intercepting) proxy examines each request and response, which include --
  - HTTP headers
  - Protocol used (HTTP or HTTPS)
  - Message body (POST data or page content)
- When session ID data is passed between client and server, the cache, privacy, protocol and body should all be checked.
- Here the session ID is passed in GET and POST requests.
- To protect your data, SSL encryption should be used. Encryption of the session ID should be considered separately from transport encryption, because here it is the session ID that is being protected, not the data.
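The checks listed above (protocol, headers, and where the session ID travels) as an added example in Python; this is illustrative code written for these notes, not from any real proxy. The session-ID names, sample URL and sample headers are constructed assumptions.

```python
"""Audit one HTTP exchange for exposed session identifiers.

Flags: a session ID carried in a GET query string, an exchange sent
over plain HTTP, and a session cookie missing Secure / HttpOnly / SameSite.
"""
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Cookie/parameter names treated as session IDs (assumption for the demo).
SESSION_NAMES = {"sessionid", "jsessionid", "phpsessid", "sid"}

# Constructed sample exchange, not captured from a real application.
SAMPLE_REQUEST_URL = "http://shop.example/cart?sessionid=1a2b3c&item=42"
SAMPLE_RESPONSE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=1a2b3c; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
]


def audit_request(url: str) -> list:
    """Check the protocol and the query string of a request URL."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append("transport: session data sent over plain HTTP")
    for name in parse_qs(parts.query):
        if name.lower() in SESSION_NAMES:
            findings.append(f"url: session ID '{name}' exposed in query string")
    return findings


def audit_response(headers: list) -> list:
    """Check every Set-Cookie header for missing protective attributes."""
    findings = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for key, morsel in jar.items():
            if key.lower() not in SESSION_NAMES:
                continue  # only session cookies matter here
            for attr in ("secure", "httponly", "samesite"):
                if not morsel[attr]:
                    findings.append(f"cookie: {key} lacks {attr}")
    return findings


if __name__ == "__main__":
    for line in audit_request(SAMPLE_REQUEST_URL) + audit_response(SAMPLE_RESPONSE_HEADERS):
        print(line)
```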
- The most used session tokens are --
  - Long-lived access tokens
  - Medium-term-lived tokens that are used to obtain a new access token
  - Medium-term-lived sessions that extend their expiry
  - Short-lived access tokens
- Encryption makes a file or message readable only by certain people. Encryption uses an algorithm to encrypt the data, and the receiving party then uses a key to decrypt the information.
- The original message is referred to as plaintext; once it is encrypted it is referred to as ciphertext.
- The main types of encryption are -- symmetric encryption and asymmetric (public key) encryption.
- Symmetric encryption -- there is only one key, and all parties use the same key for both encryption and decryption.
- Asymmetric encryption -- there are two keys; one is used for encryption and the other for decryption.
- Some encryption algorithms are -- Blowfish, AES, RC4, RC5, RC6, Twofish and DES.
Issues of encryption and session tokens --
- Tokens are stored at the frontend and backend and sent over the network, depending on the session flow, so several issues can occur, such as --
  - Man-in-the-middle attack
  - XSS and CSRF
  - Database file access
  - OAuth token theft
  - Session fixation
  - Social engineering and physical access
- Common encryption issues can be -- big data lakes, cloud platforms, analysis involving sensitive data,