


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Cross Origin Resource Sharing: Using CORS to secure AJAX

  • Friday, February 03, 2017 at 11:00 AM EST (2017-02-03 16:00:00 UTC)
  • Clay Risenhoover




JavaScript's XML HTTP request (XHR) is the heart of AJAX: it allows web pages to dynamically request content in the background, without user interaction. In this webcast, we will review XHR and its place in AJAX, discuss the same-origin policy and its limitations in modern web applications, and examine the CORS headers that web application defenders can use to better control how cross-origin requests are handled by their applications.

The topic of this webcast is adapted from, and serves as a sample of, the many important web application defense subjects covered in the SANS course DEV522: Defending Web Applications Security Essentials.

Speaker Bio

Clay Risenhoover

Clay is the president of Risenhoover Consulting, Inc., an IT management consulting firm based in Durant, Oklahoma. Founded in 2003, RCI provides IT audit and IT management consulting services to clients in multiple sectors. Clay is a licensed Certified Public Accountant (CPA) with the Certified Information Technology Professional (CITP) designation. Since 2013 Clay has been involved with the SANS Institute and is the lead author and instructor for AUD507: Auditing & Monitoring Networks, Perimeters, and Systems, as well as a Faculty Research Advisor (FRA) for the SANS Technology Institute.
