YoVDO

Misconfigured CORS and Web Application Security Challenges

Offered By: OWASP Foundation via YouTube

Tags

Web Application Security Courses, Application Security (AppSec) Courses, HTTP Headers Courses, CORS Courses, Vulnerability Assessment Courses, Browser Security Courses, Security Engineering Courses, Cloudflare Courses

Course Description

Overview

Explore a conference talk from AppSecUSA 2016 that delves into the complexities of web application security, focusing on misconfigured CORS (Cross-Origin Resource Sharing) and its implications. Learn about the challenges of implementing advanced browser security features and HTTP response headers, as the speaker shares a personal story of discovering a significant vulnerability affecting approximately 1000 websites from the Alexa top 1 million. Gain insights into the intricacies of CORS headers and the operational issues associated with various security technologies such as CSP, HPKP, HSTS, and SRI. Understand the importance of mastering the basics before implementing advanced security features, and consider the speaker's perspective on the utility of these features for most websites. Benefit from the expertise of Evan Johnson, a Security Systems Engineer at CloudFlare, as he shares his experiences and insights in this 40-minute presentation.

Syllabus

Evan Johnson - Misconfigured CORS and why web appsec is not getting easier - AppSecUSA 2016


Taught by

OWASP Foundation

Related Courses

Auditing Your Security with AWS Trusted Advisor
Amazon Web Services via AWS Skill Builder
AWS Security Best Practices: Overview (Portuguese)
Amazon Web Services via AWS Skill Builder
AWS Security Incident Response - Compromised IAM Credentials Use Case
Amazon Web Services via AWS Skill Builder
AWS Security Incident Response Overview
Amazon Web Services via AWS Skill Builder
Choosing Between Amazon EC2 and Amazon Lightsail (Indonesian) (Na)
Amazon Web Services via AWS Skill Builder