Web App Hacking: Cookie Attacks

In this course, you will learn how severe consequences can happen as a result of insecure cookie processing. You will see how cookie attacks work in practice and how to test web applications for various cookie processing flaws.


Cookies are interesting for attackers because of the sensitive data they store. This course, Web App Hacking: Cookie Attacks, will teach you how to avoid the severe consequences of insecure cookie processing. First, you'll learn how cookies with sensitive data can leak over insecure channel. Next, you'll learn how the attacker can hijack cookies remotely. You'll also learn about weaknesses in cookie lifecycle and see one of the most underestimated cookie attacks - XSS via cookie. Finally, you'll learn how the attacker can tamper remotely with cookies of the user. By the end of the course, you'll know how cookie attacks work in practice and how to test web applications for various cookie processing flaws. What's more, you will learn how to process cookies securely.

• Course Overview 1min
• Introduction 6mins
• Leakage of Cookie with Sensitive Data 8mins
• Cookie Hijacking 9mins
• Weaknesses in Cookie Lifecycle 11mins
• Underestimated Risk: XSS via Cookie 11mins
• Remote Cookie Tampering 8mins
• Summary 5mins