Of CORS It's Exploitable - What's Possible with Cross-Origin Resource Sharing
Offered By: YouTube
Course Description
Overview
Explore the intricacies of Cross-Origin Resource Sharing (CORS) in this 42-minute conference talk from Circle City Con 2019. Delve into REST authentication, cross-origin requests, and CORS request headers for pre-flight. Learn about CORS pre-flight response headers, methods for bypassing CORS, and common pitfalls encountered by testers. Examine a multi-step CORS exploit example and discover effective CORS defenses. Investigate the role of authorization headers in security and gain valuable insights from a comprehensive summary and additional resources provided.
Syllabus
Intro
WHAT DO I DO?
OVERVIEW
WHAT IS REST?
REST AUTHENTICATION
WHAT IS A CROSS-ORIGIN REQUEST?
CORS REQUEST HEADERS FOR PRE-FLIGHT
CORS PRE-FLIGHT RESPONSE HEADERS
BYPASSING CORS
COMMON CORS PITFALLS BY TESTERS
MULTI-STEP CORS EXPLOIT EXAMPLE
CORS DEFENSES
DO AUTHORIZATION HEADERS HELP?
SUMMARY
RESOURCES
Related Courses
Azure for Developers: Implementing and Developing Functions - LinkedIn Learning
Web Security: Same-Origin Policies - LinkedIn Learning
Configuring CORS in ASP.NET and ASP.NET Core - Pluralsight
Securing and Protecting Your Data in Amazon Simple Storage Service (Amazon S3) (Traditional Chinese) - Amazon Web Services via AWS Skill Builder
Securing and Protecting Your Data in Amazon Simple Storage Service (Amazon S3) (Korean) - Amazon Web Services via AWS Skill Builder