Cross Origin Resource Sharing: Using CORS to secure AJAX

  • Webcast Aired Friday, 03 Feb 2017 11:00AM EST (03 Feb 2017 16:00 UTC)
  • Speaker: Clay Risenhoover

JavaScript's XML HTTP request (XHR) is the heart of AJAX: it allows for web pages to dynamically request content, in the background, without user interaction. In this webcast, we will review XHR and its place in AJAX, discuss the same-origin policy and its limitations in modern web applications, and examine the CORS headers that web application defenders can use to better control how cross-origin requests are handled by their applications.

The topic of this webcast is adapted as a sample of the many important web application defense subjects covered in the SANS course DEV522: Defending Web Applications Security Essentials.