Session management in web applications is critical to protecting user credentials and the integrity of the application. If the randomness used to generate session tokens is weak, the tokens can sometimes be predicted, and a remote attacker who can do so may be able to compromise the session of an authenticated user. In this episode of Tradecraft Security Weekly, Beau Bullock (@dafthack) and Mike Felch (@ustayready) discuss the issues associated with creating session tokens with weak entropy!
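As an added example (not code from the episode or its hosts), the following script shows the kind of check the episode describes: collect a sample of session tokens, estimate the Shannon entropy at each character position, and compare the total against the 64-bit minimum recommended in OWASP's session management guidance. The "weak" and "strong" generators and the 64-bit threshold are constructed for illustration.

```python
"""Estimate the entropy of a sample of session tokens (constructed data)."""
import math
import secrets
from collections import Counter


def per_position_entropy(tokens):
    """Shannon entropy (bits) of the symbol seen at each position across the sample.

    A position that never varies scores 0; an ideal hex digit scores ~4 bits,
    an ideal base64 character ~6. Assumes every token has the same length.
    """
    if not tokens:
        return []
    n = len(tokens)
    result = []
    for pos in range(len(tokens[0])):
        counts = Counter(t[pos] for t in tokens)
        result.append(-sum((c / n) * math.log2(c / n) for c in counts.values()))
    return result


def estimated_token_entropy(tokens):
    """Sum of per-position entropies: an UPPER bound on bits per token, since it
    ignores correlation between positions (a counter looks more random than it is)."""
    return sum(per_position_entropy(tokens))


def weak_tokens(n, start=100000):
    """Constructed example of a poor generator: a fixed prefix plus a counter."""
    return [f"sess{start + i:08d}" for i in range(n)]


def strong_tokens(n):
    """Tokens from a CSPRNG: 16 random bytes rendered as 32 hex characters."""
    return [secrets.token_hex(16) for _ in range(n)]


def audit(tokens, min_bits=64):
    """Return (estimated_bits, verdict).

    64 bits follows OWASP's session ID guidance (assumption: the threshold your
    application needs may be higher). A sample of ~1000 tokens is enough for the
    per-position estimate of a hex token to settle near 4 bits per character.
    """
    bits = estimated_token_entropy(tokens)
    return bits, ("OK" if bits >= min_bits else "WEAK")
```

Because the estimate is an upper bound, a token that scores below the threshold is certainly weak, while one that scores above it still needs a look at how it is generated.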
LINKS: nVisium Blog, OWASP Entropy

Audio: http://traffic.libsyn.com/tswaudio/Identifying_Weak_Session_Tokens_Using_Entropy_-_Tradecraft_Security_Weekly_15_converted.mp3