Explore the intricacies of Cross-Origin Resource Sharing (CORS) in this 42-minute conference talk from Circle City Con 2019. Delve into REST authentication, cross-origin requests, and CORS request headers for pre-flight. Learn about CORS pre-flight response headers, methods for bypassing CORS, and common pitfalls encountered by testers. Examine a multi-step CORS exploit example and discover effective CORS defenses. Investigate the role of authorization headers in security and gain valuable insights from a comprehensive summary and additional resources provided.
Overview
Syllabus
Intro
WHAT DO I DO?
OVERVIEW
WHAT IS REST?
REST AUTHENTICATION
WHAT IS A CROSS-ORIGIN REQUEST?
CORS REQUEST HEADERS FOR PRE-FLIGHT
CORS PRE-FLIGHT RESPONSE HEADERS
BYPASSING CORS
COMMON CORS PITFALLS BY TESTERS
MULTI-STEP CORS EXPLOIT EXAMPLE
CORS DEFENSES
DO AUTHORIZATION HEADERS HELP?
SUMMARY
RESOURCES
Related Courses
-
Cross Origin Resource Sharing - Explained by Example
-
Cross Origin Resource Sharing Kung Fu
-
Security Implications of Cross-Origin Resource Sharing - HTML5 and CORS Analysis
-
The Past, Present, and Future of Cross-Site - Cross-Origin Request Forgery
-
Surfing the Sea and Drowning in Tabs - An Introduction to Cross Site Request Forgery
