Adrian Hayter

Adrian Hayter is an information security professional with over 10 years of experience developing and breaking web applications. He currently works as a senior penetration tester on Veracode’s MPT team. Adrian also has experience in network penetration testing, and has a keen interest in the Internet of Things (IoT) as well as the development of exploits and security tools. He received a BSc and MSc in Computer Science and Information Security from Royal Holloway, University of London.
Posts by Adrian Hayter

Security Can Be Complicated. Session Management Doesn’t Have To Be.

July 18, 2017  | Secure Development


While performing a manual penetration test recently, I encountered a session management system that flew in the face of almost all the recommended security practices. Rather than use a pre-built implementation associated with a development framework, the developers had written one from scratch that, among other things: Generated session tokens based on the user ID and numeric counters. Appended...


