Security Implications of Cross-Origin Resource Sharing - HTML5 and CORS Analysis
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the security implications of Cross-Origin Resource Sharing (CORS) in HTML5 through this in-depth conference talk from AppSecEU 2014. Delve into how CORS allows websites to load resources from other domains, even in restricted environments, using browser-saved authentication tokens. Examine the effects on various Internet actors, new trust relationships, and the breaking of same-origin policy. Learn about CORS functionality, its predecessor JSON-P, and conduct a threat analysis to understand its impact on traditional XmlHttpRequests. Discover how CORS introduces new attack vectors and transforms well-known attacks like Cross-Site Request Forgery and Cross-Site Tracing. Witness live demonstrations of these security risks and gain insights into mitigating them. Acquire knowledge on properly handling CORS and building secure web applications that leverage its features without compromising user data.
Syllabus
Gergely Revay - Security Implications of Cross-Origin Resource Sharing
Taught by
OWASP Foundation
Related Courses
Web Security: Same-Origin PoliciesLinkedIn Learning Client-Side Protection Against DOM-Based XSS Done Right
OWASP Foundation via YouTube CSP Pitfalls and Gotchas
OWASP Foundation via YouTube The "Web/Local" Boundary Is Fuzzy - A Security Study of Chrome's Process-based Sandboxing
Association for Computing Machinery (ACM) via YouTube Browsers Gone Wild
Black Hat via YouTube