Session Hijacking (Man-in-the-Middle)

Session hijacking, or a man-in-the-middle (MitM) attack, is a security breach in which an unauthorized party intercepts, and possibly alters, the communication between a user and a server. This allows the attacker to gain unauthorized access to sensitive information, such as login credentials or session tokens, which can lead to impersonation of the user and unauthorized access to their account.

Example

Lenovo faced a backlash in 2015 when it was revealed that some of its laptops shipped with adware called Superfish pre-installed. Superfish used a self-signed root certificate to intercept and inspect encrypted connections, potentially leaving users vulnerable to man-in-the-middle attacks. The presence of this adware not only raised serious security concerns but also led to a loss of trust in Lenovo's products.

Cards / Authorization / Session-management

OWASP Cornucopia

  • OWASP Cornucopia is a mechanism, in the form of a card game, to assist software development teams in identifying security requirements in Agile, conventional and formal development processes. It is language-, platform- and technology-agnostic, and is free to use.
  • OWASP Cornucopia is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and that, if you alter, transform, or build upon it, you distribute the resulting work only under the same or a similar licence to this one.
  • © 2012-2025 OWASP Foundation. The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software.