Same-origin policy: The core of web security @ OWASP Wellington
This session we've got Kirk Jackson from RedShield presenting, and he's going to introduce the same-origin policy that underpins browser security.
Abstract:
The "same-origin policy" is a loosely defined set of rules that has evolved over the years since JavaScript was first introduced in 1995.
In this talk, Kirk will explain how origins work in your web browser, and why they are the fundamental protection against attacks like cross-site request forgery.
Along the way we'll look at how you can leverage the same-origin policy to protect data on your site, and how you can bend it to your will to allow functionality to be hosted on multiple URLs -- such as cross-origin resource sharing (CORS), PostMessage and JSONP.
Speaker Bio:
Kirk is an application security analyst and researcher at RedShield, where he protects vulnerable web apps for a living. Kirk organises the Wellington OWASP meetup, helps organise the OWASP NZ Day conference, and has presented at various conferences, meetups and code camps in New Zealand and overseas - usually on the topics of developer security and web security.
Live-stream:
This video will kick off at about 6pm on Monday 2 October and live-stream the session. After the session concludes you'll be able to watch at your leisure.
Video "Same-origin policy: The core of web security @ OWASP Wellington" from the Kirk Jackson channel