
CORS Vulnerability with Null Origin

Reflected origin lab conquered – now, let’s look at what happens when the server side accepts a null origin. Why would a developer ever allow the server side to accept a null origin? Sometimes web applications need to use other protocols (file:// for…


CORS Vulnerability with Origin Reflection

It’s time to get back to the labs on PortSwigger Web Security Academy. For this lab, we’re dealing with a CORS vulnerability with Origin reflection, which means we’re dealing with the Same-Origin Policy and cross-origin requests. Here are a few reference links for additional content:…


Understanding Same-Origin Policy (SOP)

What Is Same Origin Policy? When looking to implement a new chunk of JavaScript or exploring credential exfiltration for bug bounty, we definitely run into CORS (Cross-Origin Resource Sharing). In order to understand CORS, it is important to understand Same-Origin…


Content Security Policy – Script-Src

This blog post is going to summarize the available options (values) for the ‘script-src’ directive within the Content Security Policy (CSP) header. The CSP should be configured from a security standpoint such that it bolsters the security posture of your…