May 28-31, 2024 | Aria Resort & Casino, Las Vegas, NV
Identiverse 2023 • Session
Crumbling the Cookie: Fixing a Weak Link in Authentication on the Web
Architecture, Standards, Engineering
Juniper 4
4:30 pm - 4:55 pm
Senior Security Software Engineer
Session Abstract: WebAuthn, OAuth 2.0, passkeys, ... the list goes on. We've never had so many tools to securely establish user and application identity while maintaining privacy and convenience. But we risk turning back the clock and squandering those gains when we tie it all together with a session identifier or simple JWT stored in a cookie. Still, browsers and HTTP clients offer few other options for securely proving identity over the course of a browsing session. In this talk we'll go over the issues that cookies and bearer tokens present, detail some application-level mitigations, and address ongoing developments in browser- and protocol-level standards to fill this gap in our industrywide security posture.
Identiverse: The Identity Universe
hosted by CyberRisk Alliance