In which of the following levels of the OSI model does an attacker gain control over the HTTP user session by obtaining the session IDs and create new unauthorized sessions by using the stolen data?
A. Presentation level
B. Transport level
C. Network-level
D. Application-level
Answer: D
Explanation:
In the OSI model, the application layer (Layer 7) is closest to users and establishes communication between the user and applications. It deals with user interfaces, protocols, and application-specific data. An attacker who gains control over the HTTP user session by obtaining session IDs and creating new unauthorized sessions operates at the application level. By manipulating session IDs, the attacker can impersonate legitimate users and perform unauthorized actions.
Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide; EC-Council Certified Security Specialist (E|CSS) course materials.
The application layer is where HTTP operates, making it the relevant layer for session management and security. Attackers exploit vulnerabilities in web applications to gain unauthorized access, manipulate sessions, and potentially compromise user data. Ensuring secure session management practices is crucial to prevent such attacks.