Session tokens give attackers a shortcut around MFA

In this Help Net Security video, Simon Wijckmans, CEO at cside, discusses why session token theft is rising and why security teams miss it. He walks through how web applications rely on browsers to store session tokens after login, often in cookies or browser storage. Any script running on the page can reach those tokens, including ads, analytics tools, and marketing tags.

Attackers use this access to steal tokens and bypass MFA, giving them the same access as valid users for a limited time. Simon describes how these tokens are sold through live feeds and why this trend is growing as authentication improves. He also explains why network-focused security tools fail to detect this activity.

The discussion expands into client-side supply chain risk, compliance requirements, and incidents tied to third-party scripts. The video closes with guidance on monitoring browser behavior and treating client-side security as an ownership issue rather than a user problem.
