Security BSides Las Vegas 2025

Mark Hoopes

Mark Hoopes has been an Application Pentester for more than 10 years and has worked in enterprise IT for more than 20. He has presented at multiple conferences as a speaker and instructor. He was sucked into the security industry by a CTF and continues to be a strong proponent of hands-on training. He is currently a chapter leader of OWASP Boulder and the managing principal at a consultancy that specializes in... pentesting and training.


Session

08-05
17:00
45min
We Fight for the User's... Session
Mark Hoopes

Ever since cookies were invented 30 years ago, there has been a battle to protect them from theft and abuse. Browser designers add defensive features and attackers come up with novel ways to circumvent those defenses, steal session cookies, and become a clone of their victims. This talk will speed-run that arms race, highlighting why many of the old-school defenses remain valuable. And the race is not over. We'll also step through the mechanics of Google's proposed Device Bound Session Credentials, which would be game-changing... if anyone else chooses to support them.

Ground Floor
Florentine E