The FREE Cybersecurity Glossary by Thor Pedersen!

Session fixation: A type of attack where an attacker manipulates the session identifier, or "session ID," of a user's session to gain unauthorized access to their account. It is often used in web-based attacks, where the attacker may trick a user into using a compromised session ID. For instance, an attacker may send a user a malicious link with a pre-set session ID, allowing the attacker to hijack the user's session.

Session hijacking: An attack where an intruder takes over a valid session between a user and a system. The attacker exploits vulnerabilities in the session management, such as weak session IDs or unprotected network traffic, to impersonate the user. Once control is gained, the attacker can perform actions as the authenticated user, potentially leading to unauthorized access to sensitive information or functionality.

Session key: A temporary encryption key used for secure communication between two parties during a single session. It is used in cryptography to provide secure communication without the need for long-term keys. Examples include the use of session keys in SSL/TLS communications and in SSH connections.

Session Layer: The 5th layer of the OSI model is responsible for establishing, managing, and terminating connections between applications. Functions such as authentication, authorization, session restoration, and synchronization of data exchange are handled at this layer. By managing these session-based communications, the session layer enables coordinated data exchange between systems or applications.

Session sidejacking: A type of attack where an attacker intercepts and hijacks a user's session by stealing their session cookie. It is commonly used in wireless networks, where the attacker may use tools like a packet sniffer to capture unencrypted session cookies. For example, an attacker may use session sidejacking to gain access to a user's online bank account or social media account.

Shared Key Authentication (SKA): An outdated wireless authentication method where both the client and the access point must possess a pre-shared secret key. The protocol is vulnerable to several security issues and is no longer recommended for use in secure wireless environments, with modern protocols like WPA2 and WPA3 providing stronger security measures.