Web Cache Deception attack is a new web attack vector that puts various technologies and frameworks at risk. By manipulating behaviors of web servers and caching mechanisms, anonymous attackers can expose sensitive information of authenticated application users, and in certain cases to even take control over their accounts. The attack is amazingly simple to identify and exploit. During this talk, the audience will be introduced to an in-depth analysis of the anatomy, prerequisites and mitigation of the attack. The talk will proceed with the behaviors of different web servers and caching mechanisms, and will be capped off with examples of vulnerable websites and a live demo.