    Bharath

    Dear Friends!

    I need to test an application developed in ASP + SQLSERVER from one angle, i.e. whether users can gain access to my application without providing the userid and password details.

    For example:
    1. Assume there was a URL :
    2. Once userid and password have been entered in this page, proceed to

    and if he is an invalid user, alert him. When users provided correct login details, we were setting a value to the cookie and session, so that in each page after login, I will be checking if the value exists in the cookie or session, and then the page will open. This is just to prevent invalid users from gaining entry to the system directly by providing the URL
    bypassing the

    I need to know whether there are any test cases available for gaining entry into an ASP application which uses cookies or session.

    Kindly help, my friends...

    Best Regards
    Bharath

    Forget the cookie...

    Cookies can be "spoofed". That is, hackers can send the server any cookie values they want to.

    But session variables are pretty secure. True, they *do* depend upon cookies, too, to carry along the SessionID. But the SessionID is encrypted and is time sensitive, so the only way a spoofer could get in would be to be "sniffing" some user's connection, grabbing the cookie value, and then posting to your pages using that same cookie value for the sessionid.

    Yes, you could be hacked. But only because your user was hacked. Not something that is likely to happen without somebody putting a piece of hardware between your user and his/her internet connection.
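A test case of the kind asked for above, as an added example that is not part of the original thread: request every page that should sit behind the login, once with no cookie and once with a made-up cookie, and flag any page that is served instead of redirecting to the login page. The page names, the `loggedin` and `SID` cookie names and the small stand-in server are all constructed for illustration; against a real application you would run `audit()` against your own test host with your own page list.

```python
import http.client
import http.server
import threading

SESSIONS = {"4f9a1c"}  # constructed: session ids the server issued at login

class App(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the ASP site, with three kinds of page check."""
    def do_GET(self):
        raw = self.headers.get("Cookie", "")
        cookies = dict(p.strip().split("=", 1) for p in raw.split(";") if "=" in p)
        if self.path == "/admin.asp":        # page where the check was forgotten
            ok = True
        elif self.path == "/report.asp":     # trusts a value the client can set
            ok = cookies.get("loggedin") == "1"
        else:                                # looks the id up in server-side state
            ok = cookies.get("SID") in SESSIONS
        if ok:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"protected content")
        else:
            self.send_response(302)
            self.send_header("Location", "/login.asp")
            self.end_headers()

    def log_message(self, *args):            # keep the test output quiet
        pass

def audit(host, port, paths):
    """Return {path: [probe, ...]} for pages served (200) to a client that never logged in."""
    probes = (("no cookie", {}), ("forged cookie", {"Cookie": "loggedin=1; SID=guess"}))
    findings = {}
    for path in paths:
        for label, headers in probes:
            conn = http.client.HTTPConnection(host, port, timeout=5)
            conn.request("GET", path, headers=headers)
            status = conn.getresponse().status   # http.client does not follow redirects
            conn.close()
            if status == 200:
                findings.setdefault(path, []).append(label)
    return findings

def run_demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), App)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit("127.0.0.1", server.server_port, ["/home.asp", "/report.asp", "/admin.asp"])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

An empty result means every listed page refused both probes; any entry names a page whose login check is missing or relies on a value the client controls.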

