Explore a conference talk from AppSecUSA 2016 that delves into the complexities of web application security, focusing on misconfigured CORS (Cross-Origin Resource Sharing) and its implications. Learn about the challenges of implementing advanced browser security features and HTTP response headers, as the speaker shares a personal story of discovering a significant vulnerability affecting approximately 1000 websites from the Alexa top 1 million. Gain insights into the intricacies of CORS headers and the operational issues associated with various security technologies such as CSP, HPKP, HSTS, and SRI. Understand the importance of mastering the basics before implementing advanced security features, and consider the speaker's perspective on the utility of these features for most websites. Benefit from the expertise of Evan Johnson, a Security Systems Engineer at CloudFlare, as he shares his experiences and insights in this 40-minute presentation.
Misconfigured CORS and Web Application Security Challenges
Overview
Syllabus
Evan Johnson - Misconfigured CORS and why web appsec is not getting easier - AppSecUSA 2016
Taught by
OWASP Foundation
Related Courses
-
Configuring CORS in ASP.NET and ASP.NET Core
-
Exploiting CORS Misconfigurations for Bitcoins and Bounties
-
Next Gen Web Pen Testing - Handling Modern Applications in a Penetration Test
-
Browser Security and HTTP Headers - Attacks and Protections in Action
-
Configuring CORS in Spring Boot and Spring Security
-
Web Application Security - Browsers Fight Back
