Speaker: Kaan Onarlıoglu
Title: Web Application Security 2.0
Date/Time: 29 December 2021 / 13:40 - 14:30 pm
Abstract:The web security community has painstakingly built the know-how to design secure systems on the Internet. We now watch that all fall apart with a new wave of web application attacks. In this talk, I will quickly introduce Web Cache Deception and HTTP Request Smuggling -- emerging attacks that Internet infrastructure providers lose sleepover. More importantly, I will explain why we must change our traditional approach to security to even begin thinking about addressing these new challenges. This is Web Application Security 2.0. No security background is necessary for this session, but the fundamentals of how the Internet works are helpful.
Bio: Kaan Onarlioglu is Senior Architect with Akamai's Security Intelligence team, and part-time faculty at Northeastern University's Khoury College of Computer Sciences. During the day he helps Akamai engineers build a secure CDN. At night he dons his white coat and leads an international team of scientists on academic research projects. Dr. Onarlioglu is active in many branches of systems security research, with a focus on exploring the human factors therein and engineering practical technologies. Previously working in the operating systems and privacy domains, these days he is oddly excited about the resurgent web cache attacks. Dr. Onarlioglu holds a Ph.D. in Information Assurance / Cybersecurity from Northeastern University, Boston, and MS & BS degrees in Computer Engineering from Bilkent University, Ankara.