A Hacker's Perspective: Cross-Origin Resource Sharing

Do you know what Cross-Origin Resource Sharing (CORS) is? How about a preflight request? Do you understand how a poorly configured CORS policy can lead to substantial security issues? In this session, you will get an overview of CORS basics and a rundown of what can go wrong from the perspective of a professional pentester. You will also get some live demonstrations of how it works, including the various CORS policy headers, preflight requests. This session is for anyone building or testing web applications and needs a solid understanding of CORS-related security issues and best practices.