Session Race Conditions and Session Puzzling – Now Simplified
A few months ago Shay Chen, Senior Manager at Hacktics Advanced Security Center (HASC) published a paper about Session Puzzling, a new application level attack vector of critical severity and numerous uses, but for some bizarre reasons, most of the responses I got was that the attack was too complicated to comprehend all it once.
Source: Session Race Conditions and Session Puzzling – Now Simplified