Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example

Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example, Tim Bass (OWASP Thailand Chapter)

Proxy caches, combined with poorly written session management code, can easily lead to serious Internet security breaches. Web application developers cannot know whether their content is consumed directly or via a proxy cache. Developers cannot assume that the HTTP responses will be delivered to the intended browser. Moreover, developers cannot be sure that the intended browser even receives the intented content. Consequently, proxy caches are a serious theat to web application security. In the presentation, we will discuss the recent security breach Tim found in Google Docs and review web application security and session management topics related to proxy caching.