undefined | Better HN

0 pointsmotorest7mo ago0 comments

> I'm all ears, please provide one potential way.

Just Google for session hijacking attacks. There's a wealth of information on the topic. It's a regular entry in OWASP top 10.

0 comments

thdhhghgbhy7mo ago

I did, and xss and session sniffing listed on the OWASP web page, would be prevented by following OAuth flows. So that just leaves mitm, which as I said, is effectively breaking https.

motorestOP7mo ago

> I did, and xss and session sniffing listed on the OWASP web page, would be prevented by following OAuth flows.

OWASP's page lists 3 more examples which it seems you omitted for some reason.

j / k navigate · click thread line to collapse