Code for this blog can be found on github at

Thursday, January 23, 2014

Exploiting Encrypted Cookies

Rob Winch wrote a cool article about why encrypting cookies just isn't enough to keep your app safe.  He even provided code to demonstrate the exploit!

This just scratches the surface, but is one step to understanding what a good cookie looks like.