In the Same Site We Trust: Navigating the Landscape of Client-side Request Hijacking on the Web | An OWASP AppSec Global Lisbon 2024 Conversation with Soheil Khodayari | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine Podcast Network

内容由ITSPmagazine, Sean Martin, and Marco Ciappelli提供。所有播客内容（包括剧集、图形和播客描述）均由 ITSPmagazine, Sean Martin, and Marco Ciappelli 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品，您可以按照此处概述的流程进行操作https://zh.player.fm/legal。

9d ago 16:32

MP3•单集首页

Guest: Soheil Khodayari, Security Researcher, CISPA - Helmholtz Center for Information Security [@CISPA]

On LinkedIn | https://www.linkedin.com/in/soheilkhodayari/

On Twitter | https://x.com/Soheil__K

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, co-host Sean Martin embarks on a solo journey to cover the OWASP AppSec Global event in Lisbon. Sean welcomes Soheil Khodayari, a security researcher at the CISPA Helmholtz Center for Information Security in Saarland, Germany, to discuss the intricacies of web security, particularly focusing on request forgery attacks.

They dive into Soheil’s background, noting his extensive research in web security and privacy, with interests spanning vulnerability detection, internet measurements, browser security, and new testing techniques. Soheil aims to share valuable insights on request forgery attacks, a prevalent issue in web security that continues to challenge developers and security professionals alike.

The conversation transitions to an in-depth exploration of client-side request forgery and how these attacks differ from traditional cross-site request forgery (CSRF). Soheil elaborates on the evolution of web applications and how shifting functionalities to client-side code has introduced new, complex vulnerabilities. He identifies the critical role of input validation and the resurgence of issues related to improper handling of user inputs, which attackers can exploit to cause unintended actions on authenticated sessions.

As they prepare for the upcoming OWASP Global AppSec event, Soheil highlights his session, titled "In the Same Site We Trust: Navigating the Landscape of Client-Side Request Hijacking on the Web," scheduled for Thursday, June 27th. He emphasizes the relevance of the session for developers and security professionals who are eager to learn about modern request hijacking techniques, defense mechanisms, and how to detect these vulnerabilities using automated tools.

The discussion touches on the landscape of modern browsers, the effectiveness of same-site cookies as a defense-in-depth strategy, and the limitations of these measures in preventing client-side CSRF attacks. Soheil mentions the development of a vulnerability detection tool designed to mitigate these sophisticated threats and invites attendees to integrate such tools into their CI/CD pipelines for enhanced security.

Sean and Soheil ultimately reflect on the importance of understanding the nuances of web application security. They encourage listeners to attend the session, engage with the community, and explore advanced security practices to safeguard their applications against evolving threats. This engaging episode sets the stage for a deep dive into the technical aspects of web security at the OWASP Global AppSec event.

Top Questions Addressed

What are request forgery attacks and how have they evolved over time?
How do modern browsers and applications handle security against these attacks?
What will Soheil Khodayari's session at OWASP Global AppSec cover and who should attend?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

In the Same Site We Trust: Navigating the Landscape of Client-side Request Hijacking on the Web (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VdAy/in-the-same-site-we-trust-navigating-the-landscape-of-client-side-request-hijacking-on-the-web

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

620集单集