Same-origin policy: The core of web security @ OWASP Wellington

This session we've got Kirk Jackson from RedShield presenting, and he's going to introduce the same-origin policy that underpins browser security.

Abstract:

The "same-origin policy" is a loosely defined set of rules that has evolved over the years since JavaScript was first introduced in 1995.

In this talk, Kirk will explain how origins work in your web browser, and why they are the fundamental protection against attacks like cross-site request forgery.

Along the way we'll look at how you can leverage the same-origin policy to protect data on your site, and how you can bend it to your will to allow functionality to be hosted on multiple URLs -- such as cross-origin resource sharing (CORS), postMessage and JSONP.
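
The following is an added example written for this page; it is not code from the talk, from RedShield or from OWASP. It models three of the decisions the abstract mentions: the (scheme, host, port) comparison a browser makes to decide whether two URLs share an origin, a server-side CORS allowlist that echoes only a known Origin (and never a wildcard alongside credentials), and the origin check a postMessage receiver has to make. It runs stand-alone under Node.js using the global URL class; every host name and the allowlist contents are assumptions made up for the example.

```javascript
// Added example, not code from the talk. Runs under Node.js (global URL class).
//   1. originOf / isSameOrigin  - the (scheme, host, port) comparison browsers make
//   2. corsHeadersFor           - a server-side CORS allowlist that never reflects
//                                 an unknown Origin
//   3. acceptMessage            - the origin check a postMessage receiver must do
// All host names below are hypothetical.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to its origin tuple. Path, query and fragment play no part;
// an omitted port means the scheme default, so example.com and example.com:443
// are the same origin under https. The URL class already lowercases the
// scheme and host and drops a default port, so we only fill the port back in.
function originOf(urlString) {
  const u = new URL(urlString);
  return {
    scheme: u.protocol.replace(/:$/, ""),
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

function isSameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
}

// Serialized origins, in the form a browser puts them in the Origin header.
// Assumed allowlist for the example.
const CORS_ALLOWLIST = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Decide what Access-Control-Allow-Origin (if any) to send for a cross-origin
// request. Returning null means "send no CORS headers": the browser then
// refuses to hand the response body to the calling script.
function corsHeadersFor(requestOrigin, allowlist, withCredentials) {
  // "null" is what browsers send for sandboxed frames and data: pages;
  // it must never be allowlisted because any such page would match it.
  if (requestOrigin === "null" || !allowlist.has(requestOrigin)) return null;
  const headers = {
    "Access-Control-Allow-Origin": requestOrigin, // exact echo of an allowlisted value
    "Vary": "Origin",                             // so caches keep the responses apart
  };
  if (withCredentials) {
    // "*" is not permitted together with credentials, which is why the
    // header echoes the specific origin rather than a wildcard.
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Counter-example: a suffix match is NOT an origin check. Registering
// evilexample.com satisfies endsWith("example.com").
function naiveSuffixAllow(requestOrigin) {
  return requestOrigin.endsWith("example.com");
}

// A postMessage receiver. event.origin is filled in by the browser from the
// sender's origin and cannot be forged by the sender, so comparing it against
// the one origin you expect is the whole check.
function acceptMessage(event, expectedOrigin) {
  if (event.origin !== expectedOrigin) return null;
  return event.data;
}

// Stand-alone run: prints the decisions for a few constructed inputs.
if (typeof require !== "undefined" && require.main === module) {
  console.log(isSameOrigin("http://example.com/a", "http://example.com:80/b")); // true
  console.log(isSameOrigin("https://example.com", "https://api.example.com"));  // false
  console.log(corsHeadersFor("https://app.example.com", CORS_ALLOWLIST, true));
  console.log(corsHeadersFor("https://evil.example", CORS_ALLOWLIST, true));    // null
  console.log(naiveSuffixAllow("https://evilexample.com"));                      // true (the bug)
  console.log(acceptMessage({ origin: "https://evil.example", data: "x" },
                            "https://app.example.com"));                          // null
}
```

The CORS function returns nothing at all for an unknown Origin rather than a deny header, because the browser's default in the absence of Access-Control-Allow-Origin is already to block the read; the Vary: Origin header matters whenever the same URL can answer with different Allow-Origin values, otherwise a shared cache can serve one origin's response to another.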

Speaker Bio:

Kirk is an application security analyst and researcher at RedShield, where he protects vulnerable web apps for a living. Kirk organises the Wellington OWASP meetup, helps organise the OWASP NZ Day conference, and has presented at various conferences, meetups and code camps in New Zealand and overseas - usually on the topics of developer security and web security.

Live-stream:

This video will kick off at about 6pm on Monday 2 October and live-stream the session. After the session concludes you'll be able to watch at your leisure.
Comments

It's like I can physically feel my brain growing from this knowledge. Thank you.

roboedar

0:01 Introduction
2:10 What is an origin?
3:13 What is the same origin?
4:18 Same-origin policy
19:53 Why is same-origin policy important?
20:57 How does it apply to ___ ?
21:54 How does SOP apply to anchors?
22:28 How does SOP apply to forms?
24:54 How does SOP apply to images?
25:51 How does SOP apply to CSS?
27:32 How does SOP apply to JavaScript includes?
28:58 How does SOP apply to JSONP?
31:55 How does SOP apply to web storage?
34:40 How does SOP apply to cookies?
38:31 How does SOP apply to windows, frames and iframes?
40:36 How does SOP apply to XMLHttpRequest?
43:49 How does SOP apply to Java, Flash, PDF, Silverlight?
45:10 Getting around same-origin policy
45:53 Using PostMessage to communicate between frames
52:48 Using Cross-Origin Resource Sharing (CORS)
57:48 How to?
58:52 How to: Get data from another site?
58:47 How to: Isolate user content?
1:00:19 How to: Share cookies?
1:01:31 Limitations
1:03:04 Conclusion

mohideenabdulkatheerm

Thank you! This is one of the best tutorials/talks on SOP I have ever seen!

ys

this is the best video on SOP and CORS on the whole internet. Thank you a million.

zeqqmmq

Thanks, it was so clear! Helped me a lot with a class I'm taking.

keliliu

Excellent explanation of the subjects, answers all my questions.

sto

This was fantastic. Really long video but was so easy to watch and explained what I couldn’t grasp from 10 other 10-20 minute videos and countless documents of thousands of words. Thank you so much! Obviously solid and even casual grasp of this complex stuff

stolensentience

Excellent! Very clear. Thank you very much.

cliffmathew

Certainly one of the best videos. Good one!

ravivashatkar

This is excellent material! I finally understand this complicated concept. Thanks!

arindamgupta

Fantastic, subscribed immediately. Thank you for this!

CodaJohnPaul

Thank you, best video ever seen on SOP

bafellah

Best video on SOP. Thank you. Please keep posting these types of videos

manis

Super useful and well presented. Fundamentals of web app security.

nikosc

Such an insightful video. Watched it a couple of times to get a grasp of each minute

venkaraj

Great content, explained wonderfully, thank you

saideepakaleti

Thank you very much for this wonderful talk. Very interesting; those rules and concepts are not taught enough in web development training courses, whereas they are fundamental

GalileoGalilei

Why didn't YT show this to me earlier?! Amazing work.

VamsiKrishna-ythi

Hi, this course is amazing! Would you share the demo source code of the HTML and JavaScript?

weihaoguo

Can we have a link to that presentation please?

chethanb