YoVDO

Exploiting CORS Misconfigurations for Bitcoins and Bounties

Offered By: OWASP Foundation via YouTube

Tags

Web Security Courses Penetration Testing Courses Open Redirect Courses API Security Courses Cache Poisoning Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the intricacies of Cross-Origin Resource Sharing (CORS) misconfigurations and their potential for exploitation in this 46-minute conference talk from AppSecUSA 2016. Delve into the dangerous subtleties buried within the CORS specification as James Kettle, Head of Research at PortSwigger Web Security, shares real-world examples of how these vulnerabilities can be leveraged to steal bitcoins from exchanges, partially bypass Google's HTTPS implementation, and obtain API keys from various websites. Learn how CORS blunders can be pivotal in crafting exploit chains, poisoning server and client-side caches, and escalating open redirects into notable security risks. Gain insights into the collaboration between CORS specifications and implementations in both protecting and inadvertently exposing developers to security risks. Discover proposed solutions and mitigations aimed at specification authors, browser vendors, developers, and pentesters to address these security challenges.

Syllabus

James Kettle - Exploiting CORS Misconfigurations for Bitcoins and Bounties - AppSecUSA 2016


Taught by

OWASP Foundation

Related Courses

Bug Bounty In Hindi
YouTube
Secure Development, Programming, and Coding with Veracode
Cybrary
Live Recon on Rockstar Games - Vulnerability Testing Methodology
NahamSec via YouTube
Practical Attacks Using HTTP Request Smuggling
NahamSec via YouTube
Exploiting CORS Misconfigurations for Bitcoins and Bounties - AppSec EU 2017
OWASP Foundation via YouTube