Explore the vulnerabilities in cookie-based authentication and tracking mechanisms in this 34-minute conference talk from OWASP Global AppSec Tel Aviv. Delve into an automated framework developed to evaluate the effectiveness of browser policies and privacy extensions across 8 browsers and 46 ad blockers. Discover surprising bypasses to built-in browser policies and extensions, and learn how this framework can be applied to assess other security implementations like Content Security Policy and private browsing mode. Gain insights from Tom Van Goethem, a PhD student at the University of Leuven, known for his large-scale web security experiments and analysis of web practices.
Bypassing Browser Policies and Privacy Extensions for Cookies
Overview
Syllabus
Who left open the cookie jar? - TOM VAN GOETHEM
Taught by
OWASP Foundation
Related Courses
-
EmPoWeb - Empowering Web Applications with Browser Extensions
-
Web Platform Threats: Automated Detection of Web Security Issues with WPT
-
Next Steps for Browser Privacy: Pursuing Protections Beyond Extensions
-
Everything You Always Wanted to Know About Fingerprinting Browser Extensions
-
Mystique - Uncovering Information Leakage from Browser Extensions
