Talk | Intermediate | 10:40 - 11:10 | August 09, 2025

Laurence Tennant

Cross-Site WebSocket Hijacking (CSWSH) is a powerful yet underexplored vulnerability in modern web applications. This talk looks at how advancements in browser security, such as SameSite cookie defaults, Total Cookie Protection, and Private Network Access, have reshaped its exploitability. Through real-world case studies from past security assessments, we'll examine scenarios where CSWSH attacks succeeded but would now be mitigated by contemporary browser features. Attendees will gain insight into the prerequisites for successful CSWSH exploitation, understand the implications of browser security enhancements, and learn best practices for securing WebSocket implementations against such attacks.

Laurence Tennant

Include Security Consultant, CryptoHack Co-Founder

Laurence is an application security consultant at Include Security with a broad range of interests. He is the co-founder of CryptoHack, a popular cryptography challenge platform. He got addicted to CTFs at university and has been learning as much as he can about web, cryptography, network, and infrastructure security since then. In his spare time he loves going on cycling and hiking trips.