• Introduction to Sessions
• Session Hijacking
• Session Fixation
• Obtaining Session Identifiers without User Interaction
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF or XSRF)
• Cross-Site Request Forgery (GET-based)
• Cross-Site Request Forgery (POST-based)
• XSS & CSRF Chaining
• Exploiting Weak CSRF Tokens
• Additional CSRF Protection Bypasses
• Open Redirect
• Remediation Advice
• Skills Assessment