Same-origin policy: The core of web security @ OWASP Wellington

31,815 views

Kirk Jackson

6 years ago

This session we've got Kirk Jackson from RedShield presenting, and he's going to introduce the same-origin policy that underpins browser security.
Abstract:
The "same-origin policy" is a loosely defined set of rules that has evolved over the years since JavaScript was first introduced in 1995.
In this talk, Kirk will explain how origins work in your web browser, and why they are the fundamental protection against attacks like cross-site request forgery (CSRF).
Along the way we'll look at how you can leverage the same-origin policy to protect data on your site, and how you can bend it to your will to allow functionality to be hosted on multiple URLs, using mechanisms such as cross-origin resource sharing (CORS), postMessage and JSONP.
Speaker Bio:
Kirk is an application security analyst and researcher at RedShield, where he protects vulnerable web apps for a living. Kirk organises the Wellington OWASP meetup, helps organise the OWASP NZ Day conference, and has presented at various conferences, meetups and code camps in New Zealand and overseas, usually on the topics of developer security and web security.
Live-stream:
This video will kick off at about 6pm on Monday 2 October and live-stream the session. After the session concludes you'll be able to watch at your leisure.
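As an added illustration of the mechanisms the abstract names (this is example code written for this page, not code from Kirk's talk, his slides or RedShield; the function names and the sample origins such as app.example.com are my own choices), the following JavaScript computes the (scheme, host, port) tuple that a browser treats as an origin, compares two URLs for same-origin, validates event.origin in a postMessage handler, and emits CORS response headers only for an allowlisted origin:

```javascript
// Added example (not from the talk): origin comparison as the same-origin
// policy performs it, then the same check applied to postMessage and CORS.

// Default ports per scheme. A URL that omits the port gets the default,
// so https://example.com and https://example.com:443 are the same origin.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// An origin is the (scheme, host, port) tuple. Path, query and fragment
// never take part in the comparison.
function originOf(url) {
  const u = new URL(url); // built-in WHATWG URL parser (browser and Node)
  return {
    scheme: u.protocol,
    host: u.hostname,                                  // already lowercased
    port: u.port || DEFAULT_PORTS[u.protocol] || '',   // '' means default
  };
}

// Serialise the tuple into the string form seen in the Origin request header
// and in event.origin: "https://example.com", default port omitted.
function serializeOrigin(o) {
  const nonDefault = o.port && o.port !== DEFAULT_PORTS[o.scheme];
  return nonDefault ? `${o.scheme}//${o.host}:${o.port}` : `${o.scheme}//${o.host}`;
}

// True only when all three parts match.
function sameOrigin(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// postMessage receiver: accept data only from an allowlisted origin.
// Returns the accepted payload, or null when the message was ignored, so the
// decision can be checked. In a page this runs from
// window.addEventListener('message', e => handleMessage(e, ALLOWED)).
function handleMessage(event, allowedOrigins) {
  if (!allowedOrigins.includes(event.origin)) return null; // drop strangers
  return event.data;
}

// CORS response headers for a credentialed API: reflect the request's Origin
// only when it is on the allowlist. Answering with "*" plus Allow-Credentials
// is rejected by browsers, and reflecting every Origin unconditionally would
// hand the caller's data to any site, which is exactly what SOP prevents.
function corsHeadersFor(requestOrigin, allowedOrigins) {
  if (!requestOrigin || !allowedOrigins.includes(requestOrigin)) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // caches must not serve one origin's answer to another
  };
}

// Constructed sample data for a stand-alone run (hypothetical hosts).
const ALLOWED = ['https://app.example.com'];
if (typeof require !== 'undefined' && require.main === module) {
  console.log(sameOrigin('https://example.com/a', 'https://example.com:443/b'));  // true
  console.log(sameOrigin('https://example.com', 'https://api.example.com'));     // false
  console.log(handleMessage({ origin: 'https://evil.example', data: 'x' }, ALLOWED)); // null
  console.log(corsHeadersFor('https://app.example.com', ALLOWED));
}
```

Run it with node; the URL class is built in, so no dependencies are needed. The same three-part comparison is what the browser performs before letting script read a response, a frame's DOM or another window's storage.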

Comments: 45

@roboedar, 4 years ago
It's like I can physically feel my brain growing from this knowledge. Thank you.

@mohideenabdulkatheerm37, 2 years ago
0:01 Introduction
2:10 What is an origin?
3:13 What is the same origin?
4:18 Same-origin policy
19:53 Why is same-origin policy important?
20:57 How does it apply to ___ ?
21:54 How does SOP apply to anchors?
22:28 How does SOP apply to forms?
24:54 How does SOP apply to images?
25:51 How does SOP apply to CSS?
27:32 How does SOP apply to JavaScript includes?
28:58 How does SOP apply to JSONP?
31:55 How does SOP apply to web storage?
34:40 How does SOP apply to cookies?
38:31 How does SOP apply to windows, frames and s?
40:36 How does SOP apply to XMLHttpRequest?
43:49 How does SOP apply to Java, Flash, PDF, Silverlight?
45:10 Getting around same-origin policy
45:53 Using PostMessage to communicate between frames
52:48 Using Cross-Origin Resource Sharing (CORS)
57:48 How to?
58:52 How to: Get data from another site?
58:47 How to: Isolate user content?
1:00:19 How to: Share cookies?
1:01:31 Limitations
1:03:04 Conclusion

@ys5399, 5 years ago
Thank you! This is one of the best tutorials/talks on SOP I have ever seen!

@user-ze4qq8mm1q, 2 years ago
This is the best video on SOP and CORS on the whole internet. Thank you a million.

@vikas3916, 1 year ago
Best video I've watched by far.

@stolensentience, 4 years ago
This was fantastic. Really long video but was so easy to watch and explained what I couldn't grasp from 10 other 10-20 minute videos and countless documents of thousands of words. Thank you so much! Obviously solid and even casual grasp of this complex stuff.

@cookkieoverflow2952, 3 years ago
The best explanation on SOP.

@manis1845, 2 years ago
Best video on SOP. Thank you. Please keep posting these types of videos.

@arindamgupta3174, 3 years ago
This is excellent material! I finally understand this complicated concept. Thanks!

@sto2779, 1 year ago
Excellent explanation of the subjects, answers all my questions.

@venkaraj, 2 years ago
Such an insightful video. Watched it a couple of times to get a grasp of each minute.

@ravivashatkar5585, 3 years ago
Certainly one of the best videos. Good one!

@keliliu4849, 6 years ago
Thanks, it was so clear! Helped me a lot with a class I'm taking.

@CodaJohnPaul, 3 years ago
Fantastic, subscribed immediately. Thank you for this!

@bafellah9727, 4 years ago
Thank you, best video I've ever seen on SOP.

@nikosc, 5 years ago
Super useful and well presented. Fundamentals of web app security.

@Galileo51Galilei, 1 year ago
Thank you very much for this wonderful talk. Very interesting; those rules and concepts are not taught enough in web development training courses, whereas they are fundamental.

@tingping7684, 2 years ago
Thank you, I love it.

@soulstream666, 3 years ago
This is golden ❤ Perfect talk.

@VamsiKrishna-yt5hi, 3 years ago
Why didn't YT show this to me earlier..??!! Amazing work.

@somebody3014, 5 months ago
Thank you.

@sureshkhatri7321, 3 years ago
Thank you so much!

@cliffmathew, 6 years ago
Excellent! Very clear. Thank you very much.

@deusman4150, 4 years ago
Very nicely done!

@saideepakaleti4160, 4 years ago
Great content, explained wonderfully. Thank you.

@FahadAlQallaf, 5 years ago
Thanks Kirk! Great video.

@thapr0digy, 6 years ago
Loved this video. Very informative!

@ahmedkhalifa8273, 6 years ago
Thank you, more than enough.

@Itxpc, 4 years ago
Awesome!!

@the-baker, 4 years ago
A great explanation, thanks a lot.

@felipechagas7618, 4 years ago
Amazing content!

@alexsh.8080, 5 years ago
Best explanation.

@jub0bs, 4 years ago
Great tutorial.

@crusader_, 3 years ago
Nicest content.

@georgetsiklauri, 1 year ago
So, you mention HTTP POST loading a new/different context.. but wouldn't that be true for GET as well? GET actually gets a fresh new document each time it's invoked.. and that new document is rendered into the browser. I'm almost certain it should also load into a new/different context. Am I wrong?

@ex0day, 4 years ago
Awesome.

@georgetsiklauri, 1 year ago
It's really unclear how you're opening a new window at 11:22. You don't execute any JavaScript, but a new tab/window somehow opens. Are you repeating the last executed command? It's not visible.

@weihaoguo3964, 3 years ago
Hi, this course is amazing! Would you share the demo source code of the HTML and JavaScript?

@domaincontroller, 3 years ago
02:10 origin, url, scheme

@chethanb6406, 3 years ago
Can we have a link to that presentation please?

@domaincontroller, 3 years ago
04:17 history

@jub0bs, 2 years ago
What's that CSRF talk that is mentioned at 35:00? This one: kzbin.info/www/bejne/fWLEfXqXgtaho5I ?

@Krainiiserver, 6 years ago
Thank you.