CISSP All-in-One Exam Guide, Eighth Edition by Shon Harris & Fernando Maymi
Author: Shon Harris & Fernando Maymi [Harris, Shon]
Language: eng
Format: epub
Publisher: McGraw-Hill Education
Published: 2018-10-26T05:00:00+00:00
NOTE Some cookies are stored as text files on your hard drive. These files should not contain any sensitive information, such as account numbers and passwords. In most cases, cookies that contain sensitive information stay resident in memory and are not stored on the hard drive.
So, suppose you look at your checking account, do some work there, and then request to view your savings account information. The web server sends a request to see if you have been properly authenticated for this activity by checking your cookie.
Most online banking software also periodically requests your cookie to ensure no man-in-the-middle attacks are going on and that someone else has not hijacked the session.
It is also important to ensure that secure connections time out. This is why cookies have timestamps within them. If you have ever worked on a site that has a TLS connection set up for you and it required you to reauthenticate, the reason is that your session has been idle for a while and, instead of leaving a secure connection open, the web server software closed it out.
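The idle-timeout check described above can be sketched as follows. This is an added example, not code from the book: the cookie layout, the HMAC signature that stops a client from rewriting its own timestamp, the key, and the 15-minute limit are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumptions for this sketch: a constructed demo key and a 15-minute idle limit.
SECRET_KEY = b"constructed-demo-key-not-for-production"
IDLE_TIMEOUT = 15 * 60  # seconds


def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the cookie payload, keyed with the server-side secret."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def issue_cookie(session_id: str, now: float) -> str:
    """Build 'base64(session_id|last_activity).signature' (hypothetical layout)."""
    payload = f"{session_id}|{int(now)}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def check_cookie(cookie: str, now: float):
    """Return (status, refreshed_cookie); status is 'ok', 'tampered' or 'expired'."""
    try:
        encoded, signature = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
        # Constant-time comparison; verify before trusting any field.
        if not hmac.compare_digest(_sign(payload), signature):
            return "tampered", None
        session_id, stamp = payload.decode().rsplit("|", 1)
        last_activity = int(stamp)
    except (ValueError, TypeError):
        # Malformed structure, bad base64, non-ASCII signature, bad timestamp.
        return "tampered", None
    if now - last_activity > IDLE_TIMEOUT:
        # Idle too long: the server forces reauthentication.
        return "expired", None
    # Activity seen: slide the idle window by reissuing with a new timestamp.
    return "ok", issue_cookie(session_id, now)


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed sample time
    cookie = issue_cookie("sess-42", t0)
    print(check_cookie(cookie, t0 + 60)[0])        # active session
    print(check_cookie(cookie, t0 + 16 * 60)[0])   # idle past the limit
```

The signature only protects integrity; the session identifier and timestamp remain readable to anyone who holds the cookie.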
A majority of the data within a cookie is meaningless to any entities other than the servers at specific sites, but some cookies can contain usernames and passwords for different accounts on the Internet. The cookies that contain sensitive information should be encrypted by the server at the site that distributes them, but this does not always happen, and a nosy attacker could find this data on the user’s hard drive and attempt to use it for mischievous activity. Some people who live on the paranoid side of life do not allow cookies to be downloaded to their systems (which can be configured through browser security settings). Although this provides a high level of protection against different types of cookie abuse, it also reduces their functionality on the Internet. Some sites require cookies because there is specific data within the cookies that the site must utilize correctly in order to provide the user with the services she requested.