
CORS & SOP

Premium room

Cross-Origin Resource Sharing and Same-Origin Policy.

easy

60 min


Introduction

Cross-Origin Resource Sharing, also known as CORS, is a mechanism that allows web applications to request resources from different domains securely. This is crucial in web security as it prevents malicious scripts on one page from obtaining access to sensitive data on another web page through the browser.

Same-origin policy, also known as SOP, is a security measure restricting web pages from interacting with resources from different origins. An origin is defined by the scheme (protocol), hostname (domain), and port of a URL.
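
The origin comparison described above, as an added example that is not part of the original room. The URLs are constructed sample values, and the sketch models only `http` and `https`, treating every other scheme as an opaque origin that matches nothing.

```javascript
// Default ports, so "https://host" and "https://host:443" compare as equal.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the (scheme, host, port) tuple for an http(s) URL.
// Simplification for this example: any other scheme (data:, file:, ...)
// is reported as null, standing in for an opaque origin.
function originTuple(url) {
  const u = new URL(url);
  if (!Object.hasOwn(DEFAULT_PORTS, u.protocol)) return null;
  return {
    scheme: u.protocol.slice(0, -1),
    host: u.hostname, // the URL parser already lowercases the hostname
    port: u.port || DEFAULT_PORTS[u.protocol],
  };
}

// Two URLs are same-origin only if all three components match.
// Path, query string and fragment play no part in the comparison.
function sameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  if (x === null || y === null) return false; // opaque origins match nothing
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Constructed sample URLs, each compared against one page.
const PAGE = "https://shop.example.com/cart";
const CANDIDATES = [
  "https://shop.example.com:443/api/user", // explicit default port
  "https://SHOP.example.com/other?x=1",    // host case and path differ
  "http://shop.example.com/cart",          // scheme differs
  "https://shop.example.com:8443/cart",    // port differs
  "https://api.shop.example.com/cart",     // host differs (subdomain)
  "data:text/html,hi",                     // opaque origin
];

function compareAll() {
  return CANDIDATES.map((url) => ({ url, same: sameOrigin(PAGE, url) }));
}

for (const { url, same } of compareAll()) {
  console.log(`${same ? "same-origin " : "cross-origin"}  ${url}`);
}
```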

Objectives

  1. Understand the fundamental principles of CORS and SOP.
  2. Identify and understand the security implications of CORS and SOP configurations.
  3. Exploit CORS and SOP-related vulnerabilities in a controlled environment.
  4. Understand and apply measures to mitigate and prevent these vulnerabilities.

Pre-requisites

  1. Basic understanding of web application architecture and server-side scripting.
  2. Familiarity with web server configurations and headers.
  3. Knowledge of JavaScript's XMLHttpRequest (XHR) or Fetch API.

Answer the questions below
Deploy the target VM attached to this task by pressing the green Start Machine button. We will use the machine's generated IP address later at the end of the room.
