SecAppDev 2019 has ended
Friday, February 22 • 16:00 - 17:15
Who left open the Cookie Jar?

Cookies have been around for more than 20 years, and have a large impact on online security and privacy. We evaluate whether the implemented safeguards are always behaving as expected.

Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. While not directly accessible across origins, cookies are present on all cross-site requests. These so-called third-party cookies enable both cross-site attacks and third-party tracking. To mitigate these nefarious consequences, various countermeasures have been developed. Some come in the form of browser extensions, while others are built into the browser. One well-known example is Safari's Intelligent Tracking Protection (ITP). Unfortunately, these mechanisms are not as effective as one might hope.

In this session, we explore the current landscape of cookie security policies. We show how to bypass many security mechanisms using novel attack techniques. Additionally, we illustrate how even built-in security mechanisms can be circumvented. You will walk away with a solid understanding of third-party cookies in the modern web. As a user, you will learn how to protect yourself better. As a developer, you will learn how to handle cookies more securely.

This session is intended for anyone with an interest in privacy on the web and anyone who wants to make secure use of cookies.


Tom Van Goethem

PhD Researcher, KU Leuven

Friday February 22, 2019 16:00 - 17:15 CET
West wing (room Lemaître)