Session Prediction


Session prediction is an attack technique used to hijack or impersonate a web or application user. The attack focuses on predicting session ID values that permit an attacker to bypass the authentication method of an application. By analyzing and understanding the session ID generation process, an attacker can predict a valid session ID value and get access to the application.

To achieve this an attacker needs to collect some valid session ID values that are used to identify authenticated users. Then, the attacker must understand the structure of session ID, the information that is used to create it, and the encryption or hash algorithm used by the application to protect it. By studying the characteristics of the session ID the attacker can predict legitimate session IDs.

In addition, the attacker can implement a brute force technique to generate and test different values of session ID until they successfully get access to the application. The attacker can then use the falsified session ID to access the target system.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Radware Blog
Security Research Center
CyberPedia