Of CORS It's Exploitable - What's Possible with Cross-Origin Resource Sharing
Offered By: YouTube
Course Description
Overview
Explore the intricacies of Cross-Origin Resource Sharing (CORS) in this 42-minute conference talk from Circle City Con 2019. Delve into REST authentication, cross-origin requests, and CORS request headers for pre-flight. Learn about CORS pre-flight response headers, methods for bypassing CORS, and common pitfalls encountered by testers. Examine a multi-step CORS exploit example and discover effective CORS defenses. Investigate the role of authorization headers in security and gain valuable insights from a comprehensive summary and additional resources provided.
Syllabus
Intro
WHAT DO I DO?
OVERVIEW
WHAT IS REST?
REST AUTHENTICATION
WHAT IS A CROSS-ORIGIN REQUEST?
CORS REQUEST HEADERS FOR PRE-FLIGHT
CORS PRE-FLIGHT RESPONSE HEADERS
BYPASSING CORS
COMMON CORS PITFALLS BY TESTERS
MULTI-STEP CORS EXPLOIT EXAMPLE
CORS DEFENSES
DO AUTHORIZATION HEADERS HELP?
SUMMARY
RESOURCES
Related Courses
Network SecurityGeorgia Institute of Technology via Udacity Proactive Computer Security
University of Colorado System via Coursera Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
(ISC)² via Coursera Hacker101
HackerOne via Independent CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent