    Web Engineering (ITEC3111), Topic 20 of 24

    Network Attacks and Session Attacks


    🌐 Network Attacks and Session Attacks (Web Engineering)


    📌 1. Definition

    🌐 Network Attacks

    Network attacks are malicious activities performed over a network to intercept, disrupt, or modify data communication between a client and server.

    🔐 Session Attacks

    Session attacks are attacks that target a user’s session information (Session ID, cookies, tokens) to hijack or impersonate a legitimate user.


    🌐 2. Network Attacks


    🧠 2.1 Overview

    Network attacks target the communication channel between:

    • Browser (client)
    • Server

    ⚠️ 2.2 Types of Network Attacks


    1. 🕵️‍♂️ Man-in-the-Middle (MITM) Attack

    📌 Definition

    An attacker secretly intercepts communication between two parties.

    🔑 How it works:

    • Attacker sits between user and server
    • Reads or modifies data

    📈 Example:

    • Stealing login credentials on public Wi-Fi

    2. 📡 Packet Sniffing

    📌 Definition

    Capturing data packets traveling over a network.

    🔑 Example tools:

    • Wireshark (used for analysis, but can be misused)

    3. 🔁 Replay Attack

    📌 Definition

    An attacker captures valid data packets and re-sends them to repeat an action without authorization.

    📈 Example:

    • Reusing login request packets

    4. 🌊 Denial of Service (DoS/DDoS)

    📌 Definition

    Overloading a server with traffic to make it unavailable.

    🔑 Types:

    • DoS → single source
    • DDoS → multiple sources

    5. 🧨 DNS Spoofing

    📌 Definition

    Redirecting users to a fake website by modifying DNS records.


    🔐 3. Session Attacks


    🧠 3.1 Overview

    Session attacks target the session management system used in web applications.

    👉 Sessions are used to maintain user login state.


    ⚠️ 3.2 Types of Session Attacks


    1. 🍪 Session Hijacking

    📌 Definition

    Stealing a user's session ID to gain unauthorized access.

    🔑 Example:

    • Attacker logs into victim’s account without password

    2. 🎯 Session Fixation

    📌 Definition

    Attacker forces a user to use a predefined session ID.

    🔑 Process:

    1. Attacker sets session ID
    2. User logs in using that session
    3. Attacker reuses session

    3. 🕵️ Session Sniffing

    📌 Definition

    Intercepting session cookies as they travel over insecure networks.


    4. 💣 Cross-Site Request Forgery (CSRF)

    📌 Definition

    Forcing a logged-in user to perform unauthorized actions.

    📈 Example:

    • Transferring money without user consent

    📊 4. Network vs Session Attacks

    | Feature | Network Attacks 🌐 | Session Attacks 🔐 |
    |---------|--------------------|--------------------|
    | Target | Communication channel | User session data |
    | Focus | Data transfer | Authentication |
    | Example | MITM, DoS | Hijacking, CSRF |
    | Level | Network layer | Application layer |

    🧩 5. Attack Flow Diagram

    User → Network → Server
          ↘ Attacker intercepts ↙
       (Data / Session Theft)
    

    🛡️ 6. Prevention Techniques


    🔐 For Network Attacks

    ✔ Use HTTPS (SSL/TLS encryption)
    ✔ Firewalls and intrusion detection systems
    ✔ Secure Wi-Fi networks
    ✔ Encryption of data packets


    🔐 For Session Attacks

    ✔ Use strong session IDs
    ✔ Session expiration (timeout)
    ✔ Regenerate session ID after login
    ✔ Use secure cookies (HttpOnly, Secure)
    ✔ Implement CSRF tokens
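
The fixation process from section 3.2 and the session defences listed above, as an added Node.js example that is not part of the original notes: `loginKeepId` is the vulnerable login and `loginRegenerate` is the fix. The in-memory store, the function names, the `sid` cookie name and the 15-minute timeout are assumptions made for illustration.

```javascript
// Added example, not from the original notes. All names are hypothetical.
const crypto = require('node:crypto');

const IDLE_TIMEOUT_MS = 15 * 60 * 1000; // assumed idle timeout (15 minutes)
const sessions = new Map();             // session ID -> session record

// Strong session ID: 128 bits from a CSPRNG, hex encoded (32 characters).
const newId = () => crypto.randomBytes(16).toString('hex');

function createSession(now = Date.now()) {
  const id = newId();
  sessions.set(id, { user: null, csrf: newId(), lastSeen: now });
  return id;
}

// Session expiration: a record idle for longer than the timeout is dropped.
function getSession(id, now = Date.now()) {
  const s = sessions.get(id);
  if (!s) return null;
  if (now - s.lastSeen > IDLE_TIMEOUT_MS) { sessions.delete(id); return null; }
  s.lastSeen = now;
  return s;
}

// Vulnerable login: the pre-login ID survives, so an ID planted by an
// attacker becomes an authenticated session (session fixation).
function loginKeepId(id, user) {
  const s = getSession(id);
  if (s) s.user = user;
  return s ? id : null;
}

// Hardened login: discard the pre-login ID and issue a fresh one.
function loginRegenerate(id, user) {
  sessions.delete(id);
  const fresh = createSession();
  sessions.get(fresh).user = user;
  return fresh;
}

// Secure cookie: HttpOnly hides it from scripts, Secure keeps it off plain HTTP.
const sessionCookie = (id) => `sid=${id}; Path=/; HttpOnly; Secure`;

// CSRF token check: the submitted token must equal the session's token.
function csrfOk(id, token) {
  const s = getSession(id);
  if (!s) return false;
  const a = Buffer.from(String(token)), b = Buffer.from(s.csrf);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
```

With `loginKeepId` the ID that existed before login is still valid afterwards and now carries the user's identity; with `loginRegenerate` that old ID no longer resolves to any session.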


    📈 7. Importance in Web Security

    • Protects user data
    • Prevents unauthorized access
    • Ensures secure communication
    • Maintains trust in web applications

    ⚠️ 8. Important Exam Points

    ✔ Network attacks target data transmission
    ✔ Session attacks target user authentication state
    ✔ HTTPS reduces network attacks
    ✔ Secure session management reduces session attacks


    ❓ 9. Likely Exam Questions

    Short Questions

    1. Define network attacks.
    2. What is session hijacking?
    3. What is a MITM attack?
    4. Define CSRF.
    5. Difference between network and session attacks.

    Long Questions

    1. Explain types of network attacks.
    2. Discuss session attacks in web applications.
    3. Explain session hijacking and session fixation.
    4. Describe prevention techniques for web attacks.
    5. Explain network and session attacks with examples.

    📝 10. Summary / Quick Revision

    • Network attacks → target communication (MITM, DoS, sniffing)

    • Session attacks → target user sessions (hijacking, fixation, CSRF)

    • Prevention:

      • HTTPS
      • Secure cookies
      • Session management
      • Encryption

    👉 In short: Network attacks break communication security, while session attacks break user authentication security.

