10 – Session Hijacking

Taking control of a valid user session

Techniques:
- Session sniffing
- Cross-site scripting (XSS)
- Predicting session tokens

Tools: Burp Suite, Ettercap

Mitigation: Secure cookies, HTTPS, regenerating session IDs