Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Hacking Cookies in Modern Web Applications and Browsers

Hack In The Box Security Conference via YouTube

Start learning Write review
TrainSec Ad

Learn EDR Internals: Research & Development From The Masters

Learn More → Datacamp Ad

Power BI Fundamentals - Create visualizations and dashboards from scratch

Learn More →

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore cookie-related vulnerabilities in modern web applications and browsers in this 45-minute conference talk from HITB GSEC 2015. Delve into topics such as insecure processing of secure flags, bypassing HttpOnly flags, cookie tampering, and underestimated XSS via cookies. Learn about the importance of secure cookie processing from both web application and browser perspectives, including discussions on HTTP Strict Transport Security (HSTS), the significance of session regeneration, and server-side invalidation. Gain insights from security expert Dawid Czagan, who has discovered vulnerabilities in major tech companies and shares his experience in bug hunting and web application security.

Syllabus

Intro
Motivation
Agenda
Secure flag & HSTS
Importance of regeneration
Server-side invalidation
HttpOnly flag
Domain attribute
Cookie tampering
Underestimated XSS via cookie
Conclusions

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Hacking Cookies in Modern Web Applications and Browsers

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.