


Cross Origin Resource Sharing: Using CORS to secure AJAX

  • Friday, February 03, 2017 at 11:00 AM EST (2017-02-03 16:00:00 UTC)
  • Clay Risenhoover




JavaScript's XMLHttpRequest (XHR) is the heart of AJAX: it allows web pages to dynamically request content in the background, without user interaction. In this webcast, we will review XHR and its place in AJAX, discuss the same-origin policy and its limitations in modern web applications, and examine the CORS headers that web application defenders can use to better control how cross-origin requests are handled by their applications.

The topic of this webcast is adapted from, and is a sample of, the many important web application defense subjects covered in the SANS course DEV522: Defending Web Applications Security Essentials.

Speaker Bio

Clay Risenhoover

Clay is the president of Risenhoover Consulting, Inc., an IT management consulting firm based in Durant, Oklahoma. Founded in 2003, RCI provides IT audit and IT management consulting services to clients in multiple sectors. Clay's past experience includes positions in software development, technical training, LAN and WAN operations, and IT management in both the private and public sectors. He is a SANS Certified Instructor and certified public accountant, has a master's degree in computer science, and holds a number of technical and security certifications, including GPEN, GWEB, GSSP-NET, GSNA, CISA, CISM, CEH and CISSP.
