GCIH · Question #565
Analyze the screenshot below. What action should the penetration tester recommend to the security team?
The correct answer is A. The value of the session_id should be validated by the server after requests. A variety of techniques are used for carrying the sessionID to the browser. One is URL Session Tracking. With this technique, the sessionID is passed in the URL. So, on the browser location line, you see the sessionID number or set of characters. This value should be validated in
Question
Analyze the screenshot below. What action should the penetration tester recommend to the security team?
Exhibit
Options
- AThe value of the session_id should be validated by the server after requests
- BThe session_id variable should be encoded with Base64 in the URL
- CThe session_id variable should be removed from the URL by a web app firewall
- DThe URL should be redirected to HTTP so the payload can be easily inspected
How the community answered
(26 responses)- A77% (20)
- B8% (2)
- C4% (1)
- D12% (3)
Explanation
A variety of techniques are used for carrying the sessionID to the browser. One is URL Session Tracking. With this technique, the sessionID is passed in the URL. So, on the browser location line, you see the sessionID number or set of characters. This value should be validated in the server-side to ensure that the client has not manipulated the value.
Topics
Community Discussion
No community discussion yet for this question.
