register for 2024
May 28-31, 2024 | Aria Resort & Casino, Las Vegas, NV
register for 2024
2023 Event | Session Video
Crumbling the Cookie Fixing a Weak Link in Authentication on the Web

Speaker: Zachary Voase – Senior Security Software Engineer – Netflix
Date: Thursday, June 1, 2023
Location: ARIA Resort & Casino | Las Vegas, NV

Description: WebAuthn, OAuth 2.0, passkeys, … the list goes on. We’ve never had so many tools to securely establish user and application identity while maintaining privacy and convenience. But we risk turning back the clock and squandering those gains when we tie it all together with a session identifier or simple JWT stored in a cookie. Still, browsers and HTTP clients offer few other options for securely proving identity over the course of a browsing session. In this talk we’ll go over the issues that cookies and bearer tokens present, detail some application-level mitigations, and address ongoing developments in browser- and protocol-level standards to fill this gap in our industrywide security posture.

Follow us on
identity everywhere
Stay informed on the latest event updates
Identiverse: The Identity Universe
hosted by CyberRisk Alliance
register now