Overview
Explore the security implications of Cross-Origin Resource Sharing (CORS) in HTML5 through this in-depth conference talk from AppSecEU 2014. Delve into how CORS allows websites to load resources from other domains, even in restricted environments, using browser-saved authentication tokens. Examine the effects on various Internet actors, new trust relationships, and the breaking of same-origin policy. Learn about CORS functionality, its predecessor JSON-P, and conduct a threat analysis to understand its impact on traditional XmlHttpRequests. Discover how CORS introduces new attack vectors and transforms well-known attacks like Cross-Site Request Forgery and Cross-Site Tracing. Witness live demonstrations of these security risks and gain insights into mitigating them. Acquire knowledge on properly handling CORS and building secure web applications that leverage its features without compromising user data.
Syllabus
Gergely Revay - Security Implications of Cross-Origin Resource Sharing
Taught by
OWASP Foundation