How the Cookie Crumbles: Modern HTTP State Persistence

Chaim Sanders

Length: 50 Minutes

Location: Track 1 at 1000

Talk Description: In this talk, we review known attacks fundamental to the design of cookies and mitigation strategies. Additionally, we compare how various browsers and libraries handle cookies and the security implications that follow. Lastly, we investigate new technologies that are vying to replace cookies and how they might be used to effectively solve the issue of storing state information on the client-side.

Bio: Chaim is the Security Lead at ZeroFOX, which provides comprehensive social media protection for enterprises. Outside of ZeroFOX he teaches for the computing security department at the Rochester Institute of Technology. His areas of interest include web security with a focus on defensive web technologies. Chaim contributes to several Open Source projects including ModSecurity and OWASP Core Rule Set, where he serves as the project leader.


Back to Schedule