Saturday, August 1, 2015

Device Identification to prevent Session Hijacking

This slide was from a webinar from CA I attended. It talked about how to prevent session hijacking by using device identification techniques.

So, besides ensuring the user is coming in from a "trusted" device during initial authentication, each access to a protected application is validated again. 

This can be quite resource intensive, but if an application is sensitive and of highest importance to customers, then it makes sense.


No comments:

Post a Comment