all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities

Add to bookmarks
Jan. 26, 2024, 6:15 p.m. | Black Hat

Black Hat www.youtube.com

Cookies have a long history of vulnerabilities targeting their confidentiality and integrity. To address these issues, new mechanisms have been proposed and implemented in browsers and server-side applications. Notably, the updated cookie standard RFC6265bis improved the Secure attribute and introduced cookie prefixes to strengthen cookie integrity against network and same-site attackers, whereas the SameSite attribute has been touted as the solution to CSRF. On the server, token-based protections are considered an effective defense for CSRF in the synchronizer token pattern …

address applications attackers browsers confidentiality cookie cookies history integrity network same-site server session standard targeting vulnerabilities web

Visit resource

More from www.youtube.com / Black Hat

Startup Spotlight Competition at Black Hat 5 days, 22 hours ago | www.youtube.com
bhusa blackhat cybersecurity infosec +1
Locknote: Conclusions and Key Takeaways from Day 2 3 weeks, 4 days ago | www.youtube.com
black hat black hat europe board board members +15
Locknote: Conclusions and Key Takeaways from Day 1 3 weeks, 4 days ago | www.youtube.com
black hat black hat europe board board members +16
Keynote: My Lessons from the Uber Case 3 weeks, 4 days ago | www.youtube.com
addition best practices case convicted +16
Keynote: Industrialising Cyber Defence in an Asymmetric World 3 weeks, 4 days ago | www.youtube.com
adversaries challenge cyber cyber defence +10
The Black Hat Europe Network Operations Center (NOC) Report 3 weeks, 4 days ago | www.youtube.com
back black hat black hat europe center +14
My Invisible Adversary: Burnout 1 month ago | www.youtube.com
adversary attackers attacks burnout +11
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 1 month ago | www.youtube.com
analysis ask bad codeql +10
A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to … 1 month ago | www.youtube.com
attacks call cloudflare detection +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States
View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)
View on infosec-jobs.com

Vice President, Cyber Operations Engineer

@ BlackRock | LO9-London - Drapers Gardens
View on infosec-jobs.com

Cryptography Software Developer

@ Intel | USA - AZ - Chandler
View on infosec-jobs.com

Lead Consultant, Geology

@ WSP | Richmond, VA, United States
View on infosec-jobs.com

BISO Cybersecurity Director

@ ABM Industries | Alpharetta, GA, United States
View on infosec-jobs.com
View more jobs