Same-origin policy: The core of web security @ OWASP Wellington
This session we've got Kirk Jackson from RedShield presenting, and he's going to introduce the same-origin policy that underpins browser security.
Abstract:
The "same-origin policy" is a loosely defined set of rules that has evolved over the years since javascript was first introduced in 1995.
In this talk, Kirk will explain how origins work in your web browser, and why they are the fundamental protection against attacks like cross-site request forgery.
Along the way we'll look at how you can leverage the same-origin policy to protect data on your site, and how you can bend it to your will to allow functionality to be hosted on multiple urls -- such as cross-origin resource sharing (CORS), PostMessage and JSONP.
Speaker Bio:
Kirk is an application security analyst and researcher at RedShield, where he protects vulnerable web apps for a living. Kirk organises the Wellington OWASP meetup, helps organise the OWASP NZ Day conference, and has presented at various conferences, meetups and code camps in New Zealand and overseas - usually on the topics of developer security and web security.
Live-stream:
This video will kick off at about 6pm on Monday 2 October and live-stream the session. After the session concludes you'll be able to watch at your leisure.
Видео Same-origin policy: The core of web security @ OWASP Wellington канала Kirk Jackson
Abstract:
The "same-origin policy" is a loosely defined set of rules that has evolved over the years since javascript was first introduced in 1995.
In this talk, Kirk will explain how origins work in your web browser, and why they are the fundamental protection against attacks like cross-site request forgery.
Along the way we'll look at how you can leverage the same-origin policy to protect data on your site, and how you can bend it to your will to allow functionality to be hosted on multiple urls -- such as cross-origin resource sharing (CORS), PostMessage and JSONP.
Speaker Bio:
Kirk is an application security analyst and researcher at RedShield, where he protects vulnerable web apps for a living. Kirk organises the Wellington OWASP meetup, helps organise the OWASP NZ Day conference, and has presented at various conferences, meetups and code camps in New Zealand and overseas - usually on the topics of developer security and web security.
Live-stream:
This video will kick off at about 6pm on Monday 2 October and live-stream the session. After the session concludes you'll be able to watch at your leisure.
Видео Same-origin policy: The core of web security @ OWASP Wellington канала Kirk Jackson
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Thinking like an Attacker (Hacking your own organisation) - Nick Le Mouton
Evil Pickles: DoS Attacks Based on Object-Graph Engineering - Jens Dietrich
OWASP NZ Day 2019: OWASP Software Assurance Maturity Model (SAMM) 2.0
OWASP NZ Day 2019: NoHolidayChurchGenius: Password Security with 2020 Vision
security.ac.nz 2019 - Kirk Jackson - Don’t Trust User Input
OWASP NZ Day 2019: Sharing Is Caring: A Beginner's Guide to Security in the Cloud
OWASP Wellington - Keeping secrets secret - Olly Ewert
OWASP NZ Day 2019: CTF: The Gateway Drug
security.ac.nz 2019 - Toni James - The Pentesting Process - Don’t do crimes
Root Cause is the Best Cause - Adrian Hayes
The Magical World of Cloud Security - Erica Anderson
From JSONP to XSS persistence - Claudio Contin
security.ac.nz 2019 - John DiLeo - Security Considerations for Mobile Apps and APIs
Enough with XSS, let's talk about something else? - Karan Sharma
security.ac.nz 2019 - Erica Anderson - Security in “the cloud”
OWASP NZ Day 2019: Cloud Catastrophes and How to Avoid Them
Huzzer, the tree based generational mutating HTTP fuzzer - Matthew Daley
Offensive Defence - Chris Berry
OWASP NZ Day 2019: How Do I Content Security Policy?
Pizza Roulette - Catherine McIlvride and Fiona Sasse
security.ac.nz 2019 - Alex Nikolova - Trust (& how the internet works)