Sponsors

Diamond Sponsors

  • Etelos
  • IBM
  • Microsoft

Platinum Sponsors

  • Adobe Systems, Inc.
  • Cynergy
  • Nokia
  • Openmaru Studio
  • WebEx

Gold Sponsors

  • AOL
  • Citrix Systems
  • Coghead
  • Confident Technologies
  • Disney
  • Disney
  • EffectiveUI
  • F5 Networks
  • HCL Technologies
  • Intuit Quickbase
  • Oracle
  • S60
  • Salesforce.com
  • Spinscape
  • Sun Microsystems
  • Symphoniq Corporation
  • TeleAtlas
  • Yahoo! Inc.

Silver Sponsors

  • Amazon Web Services
  • Atlassian Software Systems
  • awareness
  • BroadSoft
  • Curl
  • Denodo
  • Dixero
  • Force10 Networks
  • Humanix Inc.
  • Intel
  • JackBe
  • Jaduka
  • Jive Software
  • Juniper Networks
  • Kapow Technologies
  • Keynote Systems
  • Leverage Software
  • LiquidApps
  • LithiumTechnologies
  • LongJump
  • Morfik
  • Mzinga
  • NeuStar
  • Octopz
  • ONEsite
  • OpSource
  • Panther Express
  • Profy
  • Real Time Content
  • Rearden
  • Rearden Commerce
  • Remy
  • Reply
  • spigit
  • StreamVerse, Inc.
  • StrikeIron
  • XBOSoft
  • Znak

Launch Pad Sponsors

  • O'Reilly Alpha Tech Ventures
  • Panorama Capital

Media Sponsors

  • ACM Queue
  • Berlin Partner
  • BlogHer
  • Business Marketing Association
  • Dr. Dobbs
  • Fast Company
  • GigaOM
  • Juniper Research
  • Mashable
  • MSDN Magazine
  • NewTeeVee
  • Revenue Magazine
  • TechNet
  • Technorati
  • Topix
  • Webware
  • Wired
  • WOW

Sponsor & Exhibitor Opportunities

Vicki Sanders
415-947-6107
vsanders@techweb.com

Download the Web 2.0 Expo San Francisco Sponsor/Exhibitor Prospectus

Media Sponsor Opportunities

Liliana Arancibia
415-947-6179
larancibia@cmp.com

Speaker / Program Ideas

Have a suggestion for a speaker or topic at Web 2.0 Expo San Francisco? Send an email to: sf-idea@web2expo.com

Press/Media Inquiries

confpr@oreilly.com

or

Natalia Wodecki
415-947-6762
NWodecki@cmp.com

Contact Us

View a complete list of Web 2.0 Expo contacts.

Secure Session Management for Web Applications

Chris Palmer (iSEC Partners)
11:00am Friday, 04/25/2008
Development
 Location: 2006
Presentations: Secure Session Management for Web Applications Presentation [PDF],
external link

Strong session management is a crucial part of a secure web application. Since HTTP does not directly provide a session abstraction, application developers must bake their own using cookies.

However, it is surprisingly easy to make a mistake here, even when the application uses a sophisticated application framework. When we perform security reviews of web applications, we almost always find fatal flaws in this area that would allow a malicious person to steal sensitive data, perform fraudulent financial transactions, and generally ruin a user’s day.

Developing an application with secure session management requires developers to understand the few (but crucial) subtleties of cookies—their attributes, their values, and how to keep them confidential—and to understand how real-world attackers are abusing weak session management right now.

In this session we hope to help web application designers, developers, and operators create and deploy secure web applications. (Or at least applications in which session management is not the weakest link!)

Chris Palmer

iSEC Partners

Chris Palmer is a senior security consultant with iSEC Partners, a strategic digital security company. Prior to iSEC, Chris worked for the Electronic Frontier Foundation where he provided technical management and analysis of several key EFF projects and provided technical advice to EFF (and other) lawyers. Prior to the EFF, Chris built web applications.