Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities | A Conversation with Pedro Adão and Marco Squarcina | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli

Guests:

Pedro Adão, Associate Professor, Instituto Superior Técnico, Universidade de Lisboa [@istecnico

On Linkedin | https://www.linkedin.com/in/pedro-ad%C3%A3o-b5b792/?

Marco Squarcina, Senior Scientist, TU Wien [@tu_wien]

On Linkedin | https://www.linkedin.com/in/squarcina/?originalSubdomain=at

Website | https://minimalblue.com/ ____________________________

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast and Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

Island.io | https://itspm.ag/island-io-6b5ffd

____________________________

Episode Notes

In this Chats on the Road to Black Hat USA, hosts Sean and Marco are joined by guests Pedro and Marco to explore the vulnerabilities and challenges of web security. The conversation begins with an explanation of the Double Submit and Synchronized Token patterns used to protect against CSRF (cross site request forgery) attacks. They discuss the limitations of these patterns, particularly when it comes to the integrity of cookies.

The guests highlight the potential for attackers to modify cookies and the need for better solutions. The conversation then unpacks the complexities of web security, including the difficulties of maintaining backward compatibility and the challenges of multiple components and parties involved in web development, delivery, and operations. They address the importance of revising the security of subdomains and implementing security mechanisms like HSTS (HTTP strict transport security) with the inclusive domain directive.

The conversation also raises philosophical questions about the responsibility of companies and the development community in addressing web security, as well as the role of legislation in this space. The group emphasizes the need for better platforms and frameworks that prioritize security from the start.

The conversation concludes with a discussion on the importance of ongoing research, reporting vulnerabilities to developers, and finding solutions to improve the overall security of web applications. Listeners can expect to gain a deeper understanding of web security challenges and the ongoing efforts to address vulnerabilities and improve the security of the internet ahead of Pedro's and Marco's research presentation at Black Hat USA 2023.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

____

Resources

Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities: https://blackhat.com/us-23/briefings/schedule/#cookie-crumbles-unveiling-web-session-integrity-vulnerabilities-32551

For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here: 👉 https://itspm.ag/bhusa23tsp

Want to connect you brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here: 👉 https://itspm.ag/bhusa23bndl

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships

Release date

Lydbog: 2. august 2023