Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Of CORS It's Exploitable - What's Possible with Cross-Origin Resource Sharing

via YouTube

Overview

Explore the intricacies of Cross-Origin Resource Sharing (CORS) in this 42-minute conference talk from Circle City Con 2019. Delve into REST authentication, cross-origin requests, and CORS request headers for pre-flight. Learn about CORS pre-flight response headers, methods for bypassing CORS, and common pitfalls encountered by testers. Examine a multi-step CORS exploit example and discover effective CORS defenses. Investigate the role of authorization headers in security and gain valuable insights from a comprehensive summary and additional resources provided.

Syllabus

Intro
WHAT DO I DO?
OVERVIEW
WHAT IS REST?
REST AUTHENTICATION
WHAT IS A CROSS-ORIGIN REQUEST?
CORS REQUEST HEADERS FOR PRE-FLIGHT
CORS PRE-FLIGHT RESPONSE HEADERS
BYPASSING CORS
COMMON CORS PITFALLS BY TESTERS
MULTI-STEP CORS EXPLOIT EXAMPLE
CORS DEFENSES
DO AUTHORIZATION HEADERS HELP?
SUMMARY
RESOURCES

Reviews

Start your review of Of CORS It's Exploitable - What's Possible with Cross-Origin Resource Sharing

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.