JavaScript's XMLHttpRequest (XHR) object is the heart of AJAX: it lets web pages request content dynamically, in the background, without user interaction. In this webcast, we will review XHR and its place in AJAX, discuss the same-origin policy and its limitations in modern web applications, and examine the CORS headers that web application defenders can use to better control how their applications handle cross-origin requests.
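To make the "control how cross-origin requests are handled" point concrete, here is an added example (not code from the webcast or from the SANS course) of the server-side decision that produces CORS response headers. It contrasts the common weak configuration, which reflects any `Origin` back with credentials enabled and so re-opens the cross-origin read that the same-origin policy blocks, with an allowlist-based version that exact-matches the origin, answers preflights with an explicit list rather than an echo, and sets `Vary: Origin`. The allowlist entries, the permitted request headers and the sample origins are constructed for illustration; the functions are framework-free Node.js and can be dropped into any handler that lets you set response headers.

```javascript
// Added example: computing CORS response headers from the request Origin.
// Assumptions (hypothetical): these two origins are the only legitimate
// front-ends, and only these two non-simple request headers are needed.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);
const ALLOWED_REQUEST_HEADERS = new Set(["content-type", "x-requested-with"]);

// Weak configuration: echo whatever Origin arrives and allow credentials.
// Browsers refuse "*" together with credentials, so reflecting the Origin
// is the shortcut that lets any site read an authenticated user's data.
function corsHeadersWeak(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened configuration: exact-match against the allowlist (no prefix or
// regex matching, which lets "https://app.example.com.attacker.test" or
// the literal "null" origin through), emit no CORS grant for anything
// else, and always send Vary: Origin so shared caches never hand one
// origin's response to another.
function corsHeadersStrict(requestOrigin, method, requestedHeaders = "") {
  const headers = { Vary: "Origin" };
  if (typeof requestOrigin !== "string" || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return headers; // the browser will block the cross-origin read
  }
  headers["Access-Control-Allow-Origin"] = requestOrigin;
  headers["Access-Control-Allow-Credentials"] = "true";
  if (method === "OPTIONS") {
    // Preflight: grant only the headers we recognise, never echo the list.
    const permitted = requestedHeaders
      .split(",")
      .map((h) => h.trim().toLowerCase())
      .filter((h) => ALLOWED_REQUEST_HEADERS.has(h));
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    if (permitted.length > 0) {
      headers["Access-Control-Allow-Headers"] = permitted.join(", ");
    }
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Constructed sample origins, as a browser would send them in the Origin
// header of a cross-origin XHR or fetch() call.
const SAMPLE_ORIGINS = [
  "https://app.example.com",
  "https://app.example.com.attacker.test",
  "https://attacker.test",
  "null",
];

for (const origin of SAMPLE_ORIGINS) {
  console.log(origin, "weak:", corsHeadersWeak(origin));
  console.log(origin, "strict:", corsHeadersStrict(origin, "GET"));
}
console.log(
  "preflight:",
  corsHeadersStrict("https://app.example.com", "OPTIONS", "X-Requested-With, Authorization")
);
```

The strict variant deliberately returns no `Access-Control-Allow-Origin` at all for a rejected origin rather than a fixed fallback value; an absent header is the unambiguous "deny" in CORS, and `Vary: Origin` is still needed on that response so a cache does not store it under a URL that an allowed origin later requests.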
This webcast is adapted from the SANS course DEV522: Defending Web Applications Security Essentials, as a sample of the many web application defense subjects that course covers.