Explore the vulnerabilities in cookie-based authentication and tracking mechanisms in this 34-minute conference talk from OWASP Global AppSec Tel Aviv. Delve into an automated framework developed to evaluate the effectiveness of browser policies and privacy extensions across 8 browsers and 46 ad blockers. Discover surprising bypasses to built-in browser policies and extensions, and learn how this framework can be applied to assess other security implementations like Content Security Policy and private browsing mode. Gain insights from Tom Van Goethem, a PhD student at the University of Leuven, known for his large-scale web security experiments and analysis of web practices.
Syllabus
Who left open the cookie jar? - TOM VAN GOETHEM
Taught by
OWASP Foundation