CarolinaCon 11 Slides for Anatomy of Web Client Attack

For those who have asked – my slide deck for Anatomy of Web Client Attacks can be downloaded here. Jason Gillam is a Senior Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at, on Twitter @JGillam, or visit the …

CarolinaCon 11 Slides for Anatomy of Web Client AttackRead More »

CORS Global Policy

I recently noticed an uptake on Cross-Origin Resource Sharing (CORS) findings showing up in automated scanning tools, which would not have been a significant concern except for the fact that the tools were rating this as a relatively “high” severity and very few people I asked about it seemed to have any idea what it …

CORS Global PolicyRead More »

Grab a CORS Light

Many of you already know that any cross-site HTTP requests invoked from scripts running within a browser are restricted by the Same-Origin-Policy.  Basically this means that any cross-site HTTP requests, such as XMLHttpRequest, are only allowed to make requests to the same domain that the page was loaded from, and not to any other domains.  …

Grab a CORS LightRead More »