During a security review of an application, a tester discovers that malicious actors are altering session tokens so they appear to be legitimate users. Which category from typical threat modeling techniques best describes this activity?
A. Replacing sensitive data in a database with harmful content
B. Launching requests to exhaust server capacity
C. Withholding acknowledgment that an event has taken place
D. Presenting false credentials to mimic a valid identity
Altering session tokens to impersonate a real account is a case of pretending to be a valid entity, which is the spoofing category of the STRIDE threat model. The other choices describe different STRIDE categories: tampering with data at rest, denial of service by exhausting server capacity, and repudiation of an event that took place. None of those focus on masquerading as another user.