Web application session management sounds pretty straightforward, right? Send creds, get a cookie, send the cookie on subsequent requests, and you're in. While that may be true, it's only half of the (horror) story.
In this technical, example-driven talk, we'll dive into session management issues in a manner friendly to both newbies and veterans alike. We'll describe some of the more common web app session management issues, discover industry trends ("I don't need no stinkin' database!"), and detail some of the new directions in session management security. I'll wrap up the talk by demonstrating some ways in which web app sessions can be made more resilient to attacks.
Matthew Sullivan is a pentester, developer, and security analyst living in Ames, Iowa. Matthew is the co-founder of the OWASP Ames chapter, creator of the Cookie Cadger HTTP session auditing tool, and an occasional presenter to both technical and non-technical audiences at various conferences and seminars.
Copyright 2020, IronGeek