undefined | Better HN

story

0 pointsthdhhghgbhy9mo ago0 comments

I'm all ears, please provide one potential way.

0 comments

> I'm all ears, please provide one potential way.

Just Google for session hijacking attacks. There's a wealth of information on the topic. It's a regular entry in OWASP top 10.

thdhhghgbhyOP9mo ago

I did, and xss and session sniffing listed on the OWASP web page, would be prevented by following OAuth flows. So that just leaves mitm, which as I said, is effectively breaking https.

1 more reply

j / k navigate · click thread line to collapse