Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Misconfigured CORS and Web Application Security Challenges

OWASP Foundation via YouTube

Overview

Explore a conference talk from AppSecUSA 2016 that delves into the complexities of web application security, focusing on misconfigured CORS (Cross-Origin Resource Sharing) and its implications. Learn about the challenges of implementing advanced browser security features and HTTP response headers, as the speaker shares a personal story of discovering a significant vulnerability affecting approximately 1000 websites from the Alexa top 1 million. Gain insights into the intricacies of CORS headers and the operational issues associated with various security technologies such as CSP, HPKP, HSTS, and SRI. Understand the importance of mastering the basics before implementing advanced security features, and consider the speaker's perspective on the utility of these features for most websites. Benefit from the expertise of Evan Johnson, a Security Systems Engineer at CloudFlare, as he shares his experiences and insights in this 40-minute presentation.

Syllabus

Evan Johnson - Misconfigured CORS and why web appsec is not getting easier - AppSecUSA 2016

Taught by

OWASP Foundation

Reviews

Start your review of Misconfigured CORS and Web Application Security Challenges

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.