OWASP Omaha - Exploiting CORS and Beyond
CORS. What is it good for? Absolutely nothing. In this OWASP discussion, we will cover what CORS is, why it is used in a lot of places today, and why it's a terrible, no-good, very bad thing in production. We will cover how to manually detect weak CORS policies and how to exploit said policies.
About Adam
Adam Schaal is a Sr. Software Security Engineer at CSG, where he works with developers to maintain secure applications. Under his team's purview are over 900 developers coding in over a dozen languages across a multitude of time zones. Adam also spends his time in a leadership role with the local DEF CON 402 (http://dc402.org) group and is helping lead the charge for a 2019 Omaha security conference - KernelCon. More details at https://kernelcon.org.
Parking
UNO's campus has open parking on Fridays. There is no need for permits or passes if you park on the surface lots near the building.
Lunch
Lunch will be provided on a first-come, first-served basis. Please RSVP so we have a good count.
Room
We will be using PKI 279 for the talk. Doors will open at 11:45 AM.
CPEs
This presentation will count as 1 hour of CPEs.
Streaming / Archive
We do not have plans to stream this session.
