We hate cookies!
This page contains the resources for the talk titled 'We hate cookies!'.
Abstract
We hate cookies! A statement like that will get you a bunch of weird looks, except from people who deal with cookie configurations in the modern world. Cookies have a bad rap, and that's not entirely undeserved. Cookie security used to be messy and difficult, and it has only become more complex over the years. Undoubtedly, you've already bumped into broken cookie configurations or spent countless hours trying to figure out the meaning of a certain flag or its proper configuration value. Let's change that!
In this keynote, we dive into the modern security properties of cookies. We'll cover long-standing best practice configurations, such as the Secure and HttpOnly attributes. We also dive into newer options, such as the SameSite attribute or the cookie security prefixes (__Secure- and __Host-). Finally, we travel to the (very) near future and explore the concept of third-party cookie blocking, and how it will affect you. By the end of this keynote, not only will you understand modern cookie security behavior, but you will also be equipped to properly configure cookies for your applications.
About Dr. Philippe De Ryck
Hi, I'm Philippe, and I help developers protect companies through better web security. As the founder of Pragmatic Web Security, I travel the world to teach practitioners the ins and outs of building secure software.