Patrycja Wegrzynowicz - Secure Authentication and Session Management in Java EE

Broken authentication and session management is among the most prominent security vulnerabilities according to the Open Web Application Security Project (OWASP) Top 10. Many developers assume that secure authentication and session management work out of the box in Java EE. Unfortunately, that’s not the case. Even though Java EE provides support for secure authentication and session management, it’s still the developer’s responsibility to use it correctly. In live demos, you’ll learn how to hijack a session by exploiting common security vulnerabilities on the client side, on the server side, and in transport. You’ll also find out about common mistakes and omissions related to authentication and session management, along with ways to protect your applications using Java EE mechanisms.

February 29, 2016