Monday June 1, 2026 11:10am - 11:30am PDT
Session Access Control - The Missing Validation Layer: The MCP specification explicitly separates sessions from authentication (a session is not proof of who the client is) but gives little prescriptive guidance on how authorization is to be enforced per session. This session will explore the security implications of that design, in which the Mcp-Session-Id functions much like a bearer token, yet without the controls (binding to a principal, expiry, revocation) that normally accompany bearer credentials.

The SDK Security Gap: An analysis of current MCP SDK implementations reveals inconsistency in how session security is handled. The specification recommends several validations (securely generated, non-deterministic session IDs; binding of session IDs to user-specific information; session expiration), but most SDK implementations perform only basic checks, such as whether a session ID exists, and leave the critical validation decisions to developers without clear documentation or guidance.

Session Hijacking in MCP - Risks and Mitigations: We will examine how traditional session hijacking attacks apply to MCP's stateful transport model. This includes analyzing attack vectors where unauthorized parties gain access to valid session IDs, the potential impact on server-side resources and data exposure, and practical mitigation strategies. Through architectural examples, we will demonstrate defense-in-depth approaches including session-to-user binding, duplicate connection prevention, session expiration mechanisms, and proper validation patterns that developers can implement regardless of their chosen SDK.
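As an added illustration of the mitigations listed above (not code from the session, nor from any MCP SDK), the following Python sketch shows a session registry that implements session-to-user binding, expiration, and duplicate-connection prevention on top of a generated session ID. The `Mcp-Session-Id` header name comes from the MCP Streamable HTTP transport; the class and function names, the 15-minute idle timeout, and the walk-through in `demo()` are assumptions made for this example. In a real server the `user_id` would be the principal established by the authentication layer (for example the subject of a validated OAuth access token), never something taken from the request body.

```python
"""Added example: binding MCP session IDs to an authenticated principal.
Illustrative code written for this page; class/function names and the
TTL are assumptions, not part of any MCP SDK."""
import hmac
import secrets
import time
from dataclasses import dataclass

SESSION_TTL_SECONDS = 15 * 60  # assumed idle timeout for this example


@dataclass
class Session:
    session_id: str
    user_id: str           # principal from the auth layer, not from the client
    created_at: float
    last_seen: float
    connected: bool = False  # a streaming (GET/SSE) connection is open


class SessionError(Exception):
    """Raised for unknown, expired, foreign or duplicate sessions."""


def _eq(a: str, b: str) -> bool:
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class SessionRegistry:
    """In-memory store that treats session IDs as bearer secrets: generated
    with a CSPRNG, bound to the user who created them, checked per request."""

    def __init__(self, ttl: float = SESSION_TTL_SECONDS, clock=time.time):
        self._sessions: dict[str, Session] = {}
        self._ttl = ttl
        self._clock = clock

    def create(self, user_id: str) -> Session:
        # 256-bit random, URL-safe ASCII: meets the spec's visible-ASCII rule
        # and cannot be guessed or enumerated.
        now = self._clock()
        s = Session(secrets.token_urlsafe(32), user_id, now, now)
        self._sessions[s.session_id] = s
        return s

    def _lookup(self, session_id: str):
        # Linear constant-time scan avoids leaking prefix matches via timing;
        # acceptable for an example, use a keyed hash index at scale.
        for sid, s in self._sessions.items():
            if _eq(sid, session_id):
                return s
        return None

    def validate(self, session_id: str, user_id: str) -> Session:
        """Check the presented Mcp-Session-Id against the authenticated user."""
        s = self._lookup(session_id)
        if s is None:
            raise SessionError("unknown session")  # server should answer 404
        now = self._clock()
        if now - s.last_seen > self._ttl:
            del self._sessions[s.session_id]
            raise SessionError("session expired")
        if not _eq(s.user_id, user_id):
            # Session-to-user binding: a captured ID replayed under another
            # identity is rejected even though the ID itself is valid.
            raise SessionError("session not bound to this user")
        s.last_seen = now
        return s

    def open_stream(self, session_id: str, user_id: str) -> Session:
        """Attach a streaming connection; refuse a second concurrent one."""
        s = self.validate(session_id, user_id)
        if s.connected:
            raise SessionError("session already has an open connection")
        s.connected = True
        return s

    def close_stream(self, session_id: str) -> None:
        s = self._sessions.get(session_id)
        if s is not None:
            s.connected = False

    def terminate(self, session_id: str, user_id: str) -> None:
        """Client DELETE of its own session; a foreign user cannot revoke it."""
        s = self.validate(session_id, user_id)
        del self._sessions[s.session_id]


def _fails(fn) -> bool:
    try:
        fn()
    except SessionError:
        return True
    return False


def demo() -> dict:
    """Constructed walk-through with a fake clock; returns which checks fired."""
    now = [1_000_000.0]
    reg = SessionRegistry(ttl=60, clock=lambda: now[0])
    alice = reg.create("alice")          # assumed user created via the auth layer
    out = {}
    out["owner_ok"] = reg.validate(alice.session_id, "alice").user_id == "alice"
    out["hijack_blocked"] = _fails(lambda: reg.validate(alice.session_id, "mallory"))
    reg.open_stream(alice.session_id, "alice")
    out["duplicate_blocked"] = _fails(lambda: reg.open_stream(alice.session_id, "alice"))
    now[0] += 61                          # idle past the TTL
    out["expiry_enforced"] = _fails(lambda: reg.validate(alice.session_id, "alice"))
    return out


if __name__ == "__main__":
    print(demo())
```

The important property is that `validate()` takes both the session ID and the principal the authentication layer already established; possession of the ID alone is never sufficient. Expiry is checked before the binding check so that an expired session cannot be probed for ownership, and a failed binding check does not refresh `last_seen`.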
Speakers

Srikanth Ramu

Principal Product Security Engineer

I am an Application Security professional with extensive experience in product security, built on a solid foundation in development and QA. During the COVID-19 pandemic, I developed an interest in hunting bugs in open-source libraries specifically targeting Java Deserialization vulnerabilities...
Track 4 - Room 1700 - Sponsored by Aikido Security