How the Cookie Crumbles: Modern HTTP State Persistence

BSidesROC 2018

Presented by: Chaim Sanders
Date: Saturday April 14, 2018
Time: 10:00 - 10:50
Location: Track 1

In this talk, we review known attacks fundamental to the design of cookies and mitigation strategies. Additionally, we compare how various browsers and libraries handle cookies and the security implications that follow. Lastly, we investigate new technologies that are vying to replace cookies and how they might be used to effectively solve the issue of storing state information on the client side.

Chaim Sanders

Chaim is the Security Lead at ZeroFOX, which provides comprehensive social media protection for enterprises. Outside of ZeroFOX, he teaches for the computing security department at the Rochester Institute of Technology. His areas of interest include web security with a focus on defensive web technologies. Chaim contributes to several Open Source projects including ModSecurity and OWASP Core Rule Set, where he serves as the project leader.

