Improving Your Splunk Skills

Improving Your Splunk Skills

Title Page

Identifying potential session spoofing

Sometimes, the most common website operational issues relate to malicious users operating on the site or attempting malicious activities. One of the simpler and more common activities is to attempt to spoof the session identifier of a legitimate one in the hope that a session can be hijacked. Typically, web applications are built for proper session handling, but mistakes can be made, and even the best web applications can fall victim to simple session spoofing or hijacking. Understanding the impact that this can have on the operation of the website, we will leverage a common command we used throughout this chapter to identify any potential malicious use and flag it for investigation.

In this recipe, you will write a Splunk search to aid in the identification of potential session spoofing over a given period of time. The results will be presented...

Unlock full access

Continue reading with a subscription

Packt gives you instant online access to a library of over 7,500 practical eBooks and videos, constantly updated with the latest in tech

Your notes and bookmarks