The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies

IEEE via YouTube

Overview

Explore the usage, effectiveness, and adequacy of SameSite cookies in this 17-minute IEEE conference talk. Delve into the adoption of SameSite policies, functionality breakage, and potential threats such as CSRF attacks through state-changing GET and POST requests. Examine new threats like policy downgrades and the adequacy of Lax mode. Gain insights into browser inconsistencies and web framework implementations. Understand the current state of SameSite cookies and their impact on web security through comprehensive analysis and research findings presented by experts from CISPA Helmholtz Center for Information Security.

Syllabus

Intro
SameSite Cookies
Problem Statement
Adoption of SameSite Policies
Functionality Breakage
Threat: CSRF by Replaying State-changing GET
Threat: CSRF by Forging State-changing POST
New Threats: Policy Downgrades
RQ3: Lax Adequacy and Threats to Effectiveness
Browser Inconsistencies and Web Frameworks
Conclusion

Taught by

IEEE Symposium on Security and Privacy
