Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities | A Conversation with Pedro Adão and Marco Squarcina | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli episode artwork

EPISODE · Aug 2, 2023 · 29 MIN

Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities | A Conversation with Pedro Adão and Marco Squarcina | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli

from Redefining CyberSecurity · host Sean Martin, ITSPmagazine, ITSPmagazine Event Coverage, Marco Ciappelli, Marco Squarcina, Pedro Adão

Guests: Pedro Adão, Associate Professor, Instituto Superior Técnico, Universidade de Lisboa [@istecnicoOn Linkedin | https://www.linkedin.com/in/pedro-ad%C3%A3o-b5b792/?Marco Squarcina, Senior Scientist, TU Wien [@tu_wien]On Linkedin | https://www.linkedin.com/in/squarcina/?originalSubdomain=atWebsite | https://minimalblue.com/____________________________Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast and Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode’s SponsorsIsland.io | https://itspm.ag/island-io-6b5ffd____________________________Episode NotesIn this Chats on the Road to Black Hat USA, hosts Sean and Marco are joined by guests Pedro and Marco to explore the vulnerabilities and challenges of web security. The conversation begins with an explanation of the Double Submit and Synchronized Token patterns used to protect against CSRF (cross site request forgery) attacks. They discuss the limitations of these patterns, particularly when it comes to the integrity of cookies.The guests highlight the potential for attackers to modify cookies and the need for better solutions. The conversation then unpacks the complexities of web security, including the difficulties of maintaining backward compatibility and the challenges of multiple components and parties involved in web development, delivery, and operations. They address the importance of revising the security of subdomains and implementing security mechanisms like HSTS (HTTP strict transport security) with the inclusive domain directive.The conversation also raises philosophical questions about the responsibility of companies and the development community in addressing web security, as well as the role of legislation in this space. The group emphasizes the need for better platforms and frameworks that prioritize security from the start.The conversation concludes with a discussion on the importance of ongoing research, reporting vulnerabilities to developers, and finding solutions to improve the overall security of web applications. Listeners can expect to gain a deeper understanding of web security challenges and the ongoing efforts to address vulnerabilities and improve the security of the internet ahead of Pedro's and Marco's research presentation at Black Hat USA 2023.Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa____ResourcesCookie Crumbles: Unveiling Web Session Integrity Vulnerabilities: https://blackhat.com/us-23/briefings/schedule/#cookie-crumbles-unveiling-web-session-integrity-vulnerabilities-32551For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegasAre you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:👉 https://itspm.ag/bhusa23tspWant to connect you brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here:👉 https://itspm.ag/bhusa23bndlTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorships Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this Chats on the Road to Black Hat USA, hosts Sean and Marco discuss web security vulnerabilities with guests Pedro Adão and Marco Squarcina, exploring challenges, solutions, and the responsibility of the development community.

NOW PLAYING

Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities | A Conversation with Pedro Adão and Marco Squarcina | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli

0:00 29:31

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Darknet Discussions Darknet Discussions Welcome to "Darknet Discussions," the podcast that gets into the shadows of the internet to bring you the most intriguing, enlightening, and sometimes unsettling stories from the dark web. Hosted by seasoned darknet aficionados, each episode of "Darknet Discussions" explores the intricate dynamics of darknet markets, cybersecurity threats, and the digital underworld. Join us as we interview experts, discuss the latest trends in cybercrime, and shed light on the technologies that operate beneath the surface of everyday internet use. Also, we occasionally go off on a tangent about something completely unrelated. IT Trendsetters SynerComm During each episode, our team is joined by a relevant industry expert to gain insight into new IT trends and learn about important IT and cybersecurity concepts. Our goal is to give you the advice your need to safeguard your network and digital assets. The AI-Powered Lawyer River Braun Welcome to The AI-Powered Lawyer, where host River Braun takes you on a journey into the heart of the AI revolution in law. This isn't about traditional legal practice; it's about exploring cutting-edge technology that's transforming the way we work. Each episode dives into the tools, trends, and techniques redefining what it means to be a lawyer in the age of AI. Subscribe and join us as we redefine law...together! IT Jobs's Podcast IT Jobs Two Cisco CCIEs discussing topics related to getting and IT Job or hiring for an IT Job. Focus on both Network Engineering, Cloud, Development, and CyberSecurity and as much reality as can be brought.

Frequently Asked Questions

How long is this episode of Redefining CyberSecurity?

This episode is 29 minutes long.

When was this Redefining CyberSecurity episode published?

This episode was published on August 2, 2023.

What is this episode about?

Guests: Pedro Adão, Associate Professor, Instituto Superior Técnico, Universidade de Lisboa [@istecnicoOn Linkedin | https://www.linkedin.com/in/pedro-ad%C3%A3o-b5b792/?Marco Squarcina, Senior Scientist, TU Wien [@tu_wien]On Linkedin |...

Can I download this Redefining CyberSecurity episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!