February Meeting – The little-known horrors of web application session management (Matthew Sullivan)

Topic: The little-known horrors of web application session management
Speaker: Matthew Sullivan (Senior Security Engineer, Workiva)
Date: Wednesday, February 17th
Time: 6-7pm (doors open at 5:30)
Where: Workiva (2900 University Blvd, Ames)
Abstract
Web application session management sounds pretty straightforward, right?  Send creds, get a cookie, send the cookie on subsequent requests, and you’re in.  While that may be true, it’s only half of the (horror) story.
In this technical, example-driven talk, we’ll dive into session management issues in a manner friendly to newbies and veterans alike. We’ll describe some of the more common web app session management issues, discover industry trends (“I don’t need no stinkin’ database!”), and detail some of the new directions in session management security. I’ll wrap up the talk by demonstrating some ways in which web app sessions can be made more resilient to attacks.
Bio
Matthew Sullivan is an Iowa State University alumnus (BS/MS) and has been at Workiva for 3 years. He has previously held security-related positions in education and transportation. Matt has given talks at several security-related venues, and presented his graduate work (Cookie Cadger) at the DerbyCon security conference in Louisville, Kentucky. He was one of the leading voices during the response to Heartbleed, and was interviewed about its impact by WIRED magazine.
2016 Meeting Dates
  • Feb 17
  • May 18
  • Aug 17
  • Nov 16