Pentesting ASP.NET Cookieless Sessions with Burp

Carrie Roberts & Brian King // We were recently testing a web application that used ASP.NET cookieless sessions. This meant that the session token was part of the URL as […]

Read the entire post here