Web security 101 (or: how to hack security conferences)

A session at SIGINT 2013

  • Sander Bos

Friday 5th July, 2013

3:00pm to 3:45pm (CET)

The vulnerable nature of Web applications turned out to apply even
to security conferences.

After finding a severe security issue in a particular conference's
Web system, it was discovered that the issue was in fact not limited
to that conference. Moreover, while investigating the issue, other
security issues were found: a mix of programming choices/errors, insecure application defaults, and server configuration issues.

What followed was a journey into the world of Web security: HTTP sessions and their management, cookies, cookie sniffing possibilities, cookie manipulation and replaying, HTTPS failures, session hijacking and fixation scenarios, and the combined knowledge of the above: the potential of becoming admin in several conferences' Web systems.

This talk will cover the aspects above, include a practical demonstration of them, and explain how things were (hopefully?) fixed. It also includes some thoughts on secure programming and risks involved in code forking.

About the speaker

Sander Bos

Next session in Vortragsraum

4pm Remote Exploits für die Briefwahl in Deutschland by Arnim Rupp



Germany, Cologne

5th to 7th July 2013



Time 3:00pm to 3:45pm CET

Date Fri 5th July 2013


Vortragsraum, KOMED
