Overview
Explore the intricacies of Cross-Origin Resource Sharing (CORS) in this 42-minute conference talk from Circle City Con 2019. Delve into REST authentication, cross-origin requests, and CORS request headers for pre-flight. Learn about CORS pre-flight response headers, methods for bypassing CORS, and common pitfalls encountered by testers. Examine a multi-step CORS exploit example and discover effective CORS defenses. Investigate the role of authorization headers in security and gain valuable insights from a comprehensive summary and additional resources provided.
Syllabus
Intro
WHAT DO I DO?
OVERVIEW
WHAT IS REST?
REST AUTHENTICATION
WHAT IS A CROSS-ORIGIN REQUEST?
CORS REQUEST HEADERS FOR PRE-FLIGHT
CORS PRE-FLIGHT RESPONSE HEADERS
BYPASSING CORS
COMMON CORS PITFALLS BY TESTERS
MULTI-STEP CORS EXPLOIT EXAMPLE
CORS DEFENSES
DO AUTHORIZATION HEADERS HELP?
SUMMARY
RESOURCES