21
I'm wondering if there is an easy way to test the security of my ASP site. I use a lot of server-side sessions and though I know it can be highjacked, sniffed, and isn't exactly a good use of resources, i need it to maintain a lot of states. I don't store sensitive information on the servers or in sessions, but it still contains personal data. I read through different sites and posts, and they basically say sessions are pretty secure, unless they sniff and monitor the traffic.... so it's not really secure is it?
Also, I strip out symbols and use regular expressions to take out anything for e.g., login, search, etc. that isn't a number/letter or converted, so it's not prone to injection, but if they sniff out the sessions they can still do some damage I suppose.
The reason I'm wondering is when I abandon.session in, say, www.this.com/admin/logout.asp, my session in www.this.com is also gone. Is this normal? It seems they are connected when I open seperate tabs, but not separate windows. I think this is the advantage/"feature" of tabs, but will it be/is a security flaw as well? Where can I test this? Thanks!
