BiteSizedChunks.comLearn one small thing at a time.

Course contentsShow

Security

683Why Plain Text Password Storage is Catastrophic
684One-Way Hash Functions for Password Storage
685Rainbow Tables and Why Simple Hashing Fails
686Password Salting: Adding Uniqueness to Every Hash
687Why Fast Hashes Like MD5 and SHA-256 Are Unsuitable
688bcrypt: Work Factor and Adaptive Hashing
689scrypt: Memory-Hard Password Hashing
690Argon2: Modern Password Hashing Standard
691Pepper: Application-Level Secrets for Defense-in-Depth
692Upgrading Legacy Password Storage Systems
693Password Storage Best Practices and Implementation
694Password Complexity Requirements and Their Effectiveness
695Password Length vs Complexity Trade-offs
696Brute Force and Dictionary Attacks
697Rainbow Tables and Pre-computed Hash Attacks
698Credential Stuffing and Breach Databases
699Password Spraying Techniques
700Rate Limiting and Account Lockout Policies
701Compromised Password Detection
702Password Expiration and Rotation Policies
703What is a Session and Why Web Apps Need Them
704Session Identifiers: Generation and Properties
705Session Storage Mechanisms: Server-Side vs Client-Side
706Session Transmission: Cookies vs URL Parameters vs Headers
707Session Creation and Initialization
708Session Timeout and Idle Management
709Session Termination and Logout
710Concurrent Sessions and Device Management
711Session Data Storage: What to Store and What to Avoid
712Stateless Sessions and JWT Alternatives
713Session Hijacking Fundamentals
714Session Fixation Attacks
715Session Prediction and Weak Token Generation
716Session Sidejacking and Network Sniffing
717Cross-Site Scripting for Session Theft
718Session Replay Attacks
719Concurrent Session Exploitation
720Session Token Brute-Force and Enumeration
721Man-in-the-Browser and Session Riding
722Cookie Fundamentals and Attributes
723Secure and HttpOnly Flags
724SameSite Attribute Deep Dive
725Cookie Scope and Domain Security
726Cookie Prefixes (__Secure- and __Host-)
727Cookie Tampering and Integrity
728Third-Party Cookies and Privacy
729Cookie Theft and Session Hijacking
730Cookie Security Best Practices
731Session Creation and Initialization
732Session Storage Mechanisms
733Session Timeout Configurations
734Session Termination and Logout
735Session Regeneration After Privilege Changes
736Concurrent Session Management
737Session Monitoring and Anomaly Detection

Security

683Why Plain Text Password Storage is Catastrophic
684One-Way Hash Functions for Password Storage
685Rainbow Tables and Why Simple Hashing Fails
686Password Salting: Adding Uniqueness to Every Hash
687Why Fast Hashes Like MD5 and SHA-256 Are Unsuitable
688bcrypt: Work Factor and Adaptive Hashing
689scrypt: Memory-Hard Password Hashing
690Argon2: Modern Password Hashing Standard
691Pepper: Application-Level Secrets for Defense-in-Depth
692Upgrading Legacy Password Storage Systems
693Password Storage Best Practices and Implementation
694Password Complexity Requirements and Their Effectiveness
695Password Length vs Complexity Trade-offs
696Brute Force and Dictionary Attacks
697Rainbow Tables and Pre-computed Hash Attacks
698Credential Stuffing and Breach Databases
699Password Spraying Techniques
700Rate Limiting and Account Lockout Policies
701Compromised Password Detection
702Password Expiration and Rotation Policies
703What is a Session and Why Web Apps Need Them
704Session Identifiers: Generation and Properties
705Session Storage Mechanisms: Server-Side vs Client-Side
706Session Transmission: Cookies vs URL Parameters vs Headers
707Session Creation and Initialization
708Session Timeout and Idle Management
709Session Termination and Logout
710Concurrent Sessions and Device Management
711Session Data Storage: What to Store and What to Avoid
712Stateless Sessions and JWT Alternatives
713Session Hijacking Fundamentals
714Session Fixation Attacks
715Session Prediction and Weak Token Generation
716Session Sidejacking and Network Sniffing
717Cross-Site Scripting for Session Theft
718Session Replay Attacks
719Concurrent Session Exploitation
720Session Token Brute-Force and Enumeration
721Man-in-the-Browser and Session Riding
722Cookie Fundamentals and Attributes
723Secure and HttpOnly Flags
724SameSite Attribute Deep Dive
725Cookie Scope and Domain Security
726Cookie Prefixes (__Secure- and __Host-)
727Cookie Tampering and Integrity
728Third-Party Cookies and Privacy
729Cookie Theft and Session Hijacking
730Cookie Security Best Practices
731Session Creation and Initialization
732Session Storage Mechanisms
733Session Timeout Configurations
734Session Termination and Logout
735Session Regeneration After Privilege Changes
736Concurrent Session Management
737Session Monitoring and Anomaly Detection

← Security

Lesson 706 of 3,052·15. Web Security - Authentication and SessionsPro lesson

Session Transmission: Cookies vs URL Parameters vs Headers

How sessions are transmitted between client and server, risks of each method, and why cookies are preferred.

This lesson is for subscribers

You've completed the free preview. Subscribe to unlock every lesson in every course.

See pricing Back to course