Tag burp

CORS Vulnerability with Null Origin

cors header showing null origin

Reflected origin lab conquered – now, let’s look at the case where the server side accepts a null origin. Why would a developer ever allow the server side to accept a null origin? Sometimes web applications need to use other protocols (file:// for…

CORS Vulnerability with Origin Reflection

burp lab for cors reflected origin vulnerability

It’s time to get back to the labs on PortSwigger Web Security Academy. For this lab, we’re dealing with a CORS vulnerability with Origin reflection, which means dealing with the Same-Origin Policy and cross-origin requests. Here are a few reference links for additional content:…

Understanding Same-Origin Policy (SOP)

same origin policy featured image

What Is Same Origin Policy? When looking to implement a new chunk of JavaScript or exploring credential exfiltration for bug bounty, we definitely run into CORS (Cross-Origin Resource Sharing). In order to understand CORS, it is important to understand Same-Origin…

Content Security Policy – Script-Src

CSP featured image

This blog post is going to summarize the available options (values) for the ‘script-src’ directive within the Content Security Policy (CSP) header. The CSP should be configured from a security standpoint such that it bolsters the security posture of your…