Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Got Cookies? Cookie Based Authentication Vulner...

Harsh Bothra
February 27, 2021
Technology
0
820

Got Cookies? Cookie Based Authentication Vulnerabilities

Cookies are often found in the wild and can be seen in many web applications. This is an interesting attack vector if explored properly and can lead to multiple security risks. This talk is around various possible vulnerabilities when a Cookie Based Authentication is provided.

Harsh Bothra

February 27, 2021
Tweet

More Decks by Harsh Bothra

See All by Harsh Bothra
Demystifying_Application_Security.pdf
harshbothra
0
90
Tale of Chaining Bugs for Account Takeover
harshbothra
2
2.6k
Trending Vulnerabilities with Insights to OWASP TOP 10
harshbothra
0
460
Exploiting Misconfigured Jira Instances for $$$
harshbothra
0
1k
Bug Hunting Tactics & Wins for 2021
harshbothra
3
1k
Bug Hunting Tactics
harshbothra
3
1.4k
Application Testing Methodology & Scope Based Recon
harshbothra
2
2k
Having Fun with RegEx
harshbothra
2
1.6k
Broken Cryptography & Account Takeovers
harshbothra
1
2.8k

Other Decks in Technology

See All in Technology
APIテスト自動化の勘所
yokawasa
7
4.1k
君は隠しイベントを見つけれるか?
mujyun
0
290
急成長中のWINTICKETにおける品質と開発スピードと向き合ったQA戦略と今後の展望 / winticket-autify
cyberagentdevelopers
PRO
1
160
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
3.6k
カメラを用いた店内計測におけるオプトインの仕組みの実現 / ai-optin-camera
cyberagentdevelopers
PRO
1
120
【技術書典17】OpenFOAM(自宅で極める流体解析)2次元円柱まわりの流れ
kamakiri1225
0
210
CAMERA-Suite: 広告文生成のための評価スイート / ai-camera-suite
cyberagentdevelopers
PRO
3
270
プロダクトエンジニアが活躍する環境を作りたくて 事業責任者になった話 ~プロダクトエンジニアの行き着く先~
gimupop
1
480
Java x Spring Boot Warm up
kazu_kichi_67
2
490
Jr. Championsになって、強く連携しながらAWSをもっと使いたい!~AWSに対する期待と行動~
amixedcolor
0
190
ネット広告に未来はあるか?「3rd Party Cookie廃止とPrivacy Sandboxの効果検証の裏側」 / third-party-cookie-privacy
cyberagentdevelopers
PRO
1
130
チームを主語にしてみる / Making "Team" the Subject
ar_tama
4
310

Featured

See All Featured
Fashionably flexible responsive web design (full day workshop)
malarkey
404
65k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
Being A Developer After 40
akosma
86
590k
Fontdeck: Realign not Redesign
paulrobertlloyd
81
5.2k
Faster Mobile Websites
deanohume
304
30k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
41
2.1k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
355
29k
RailsConf 2023
tenderlove
29
880
Product Roadmaps are Hard
iamctodd
PRO
48
10k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.5k

Transcript

  1. Got Cookies? Cookie Based Authentication Vulnerabilities By: Harsh Bothra @harshbothra_

  2. Introduction @harshbothra_ Core Pentester @Cobalt.io Lazy Bug Hunter @Synack @Bugcrowd

    Bugcrowd TOP 150 Hackers & MVP Q1 – Q2 Author: Multiple Hacking Books Security Blogs @Medium Speaker @Multiple Security Conferences Poet | Writer | Learner

  3. AGENDA @harshbothra_ Introduction to Cookies Vulnerabilities in Cookie based Authentication

    Real Life Case Studies Tips & Tricks Wrap – Up

  4. Introduction to Cookies @harshbothra_

  5. Vulnerabilities in Cookie Based Authentication @harshbothra_

  6. @harshbothra_

  7. Real – Life Case Studies @harshbothra_

  8. Get in Touch at Website – https://harshbothra.tech Twitter - @harshbothra_

    Instagram - @harshbothra_ Medium - @hbothra22 LinkedIn - @harshbothra Facebook - @hrshbothra Email – [email protected] @harshbothra_

  9. THANK YOU!!!