Session Hijacking (Man-in-the-Middle)

Session hijacking, or man-in-the-middle (MitM) attack, is a security breach where an unauthorized party intercepts and possibly alters communication between a user and a server. This allows the attacker to gain unauthorized access to sensitive information, such as login credentials or session tokens, potentially leading to impersonation and unauthorized account access.


Lenovo faced backlash in 2015 when it was revealed that some of its laptops were pre-installed with adware called Superfish. Superfish used a self-signed root certificate to intercept and inspect encrypted connections, potentially leaving users vulnerable to man-in-the-middle attacks. The presence of this adware not only raised serious security concerns but also led to a loss of trust in Lenovo's products.




Github logo View source on GitHub

Loading comments 0%

Provided by dotNET lab

This website is created, hosted and provided by dotNET lab. dotNET lab provides training and guidance on secure software development. Contact us to get in touch!

OWASP Cornucopia

OWASP Cornucopia is originally created by Colin Watson. It is open source and can be downloaded free of charge from the OWASP website. It is is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. OWASP does not endorse or recommend commercial products or services. OWASP Cornucopia is licensed under the Creative Commons Attribution-ShareAlike 3.0 license and is © 2012-2016 OWASP Foundation.