Explore the security implications of Cross-Origin Resource Sharing (CORS) in HTML5 through this in-depth conference talk from AppSecEU 2014. Delve into how CORS allows websites to load resources from other domains, even in restricted environments, using browser-saved authentication tokens. Examine the effects on various Internet actors, new trust relationships, and the breaking of same-origin policy. Learn about CORS functionality, its predecessor JSON-P, and conduct a threat analysis to understand its impact on traditional XmlHttpRequests. Discover how CORS introduces new attack vectors and transforms well-known attacks like Cross-Site Request Forgery and Cross-Site Tracing. Witness live demonstrations of these security risks and gain insights into mitigating them. Acquire knowledge on properly handling CORS and building secure web applications that leverage its features without compromising user data.
Security Implications of Cross-Origin Resource Sharing - HTML5 and CORS Analysis
Overview
Syllabus
Gergely Revay - Security Implications of Cross-Origin Resource Sharing
Taught by
OWASP Foundation
Related Courses
-
The Past, Present, and Future of Cross-Site - Cross-Origin Request Forgery
-
The Past, Present, and Future of Cross-Site and Cross-Origin Request Forgery
-
Cross Origin Resource Sharing - Explained by Example
-
Of CORS It's Exploitable - What's Possible with Cross-Origin Resource Sharing
-
Surfing the Sea and Drowning in Tabs - An Introduction to Cross Site Request Forgery
-
Dissecting CSRF Attacks & Countermeasures
