HTTP cookies are an important part of trust on the web. Users often trade their login credentials for a cookie, which is then used to authenticate subsequent requests. Cookies are valuable to attackers: passwords can be fortified by two-factor authentication and "new login location detected" emails, but session cookies typically bypass these measures. This talk will explore the security implications of how popular browsers store cookies, ways in which cookies can be stolen, and potential mitigations.
David Wyde is a security researcher at Cisco Systems, with a background in web application development. His favorite type of cookie is double chocolate chip, but HTTP cookies are a close second. When he's not working with software, he enjoys playing chess, dodgeball, ping pong, and N64 Super Smash Bros. Website: http://davidwyde.com