
Cross Origin Resource Sharing: Using CORS to secure AJAX

  • Friday, February 3rd, 2017 at 11:00 AM EST (16:00:00 UTC)
  • Clay Risenhoover
This webcast has been archived.


JavaScript's XMLHttpRequest (XHR) is the heart of AJAX: it allows web pages to request content dynamically, in the background, without user interaction. In this webcast, we will review XHR and its place in AJAX, discuss the same-origin policy and its limitations in modern web applications, and examine the CORS headers that web application defenders can use to better control how cross-origin requests are handled by their applications.

The topic of this webcast is adapted as a sample of the many important web application defense subjects covered in the SANS course DEV522: Defending Web Applications Security Essentials.

Speaker Bio

Clay Risenhoover

Clay is the president of Risenhoover Consulting, Inc., an IT management consulting firm based in Durant, Oklahoma. Founded in 2003, RCI provides IT audit and IT management consulting services to clients in multiple sectors. Clay's past experience includes positions in software development, technical training, LAN and WAN operations, and IT management in both the private and public sector. He is a SANS Certified Instructor and certified public accountant, has a master's degree in computer science, and holds a number of technical and security certifications, including GPEN, GWEB, GSSP-NET, GSNA, CISA, CISM, CEH and CISSP.
