0:01 Introduction
2:10 What is an origin?
3:13 What is the same origin?
4:18 Same-origin policy
19:53 Why is same-origin policy important?
20:57 How does it apply to ___ ?
21:54 How does SOP apply to anchors?
22:28 How does SOP apply to forms?
24:54 How does SOP apply to images?
25:51 How does SOP apply to CSS?
27:32 How does SOP apply to JavaScript includes?
28:58 How does SOP apply to JSONP?
31:55 How does SOP apply to web storage?
34:40 How does SOP apply to cookies?
38:31 How does SOP apply to windows, frames and s?
40:36 How does SOP apply to XMLHttpRequest?
43:49 How does SOP apply to Java, Flash, PDF, Silverlight?
45:10 Getting around same-origin policy
45:53 Using PostMessage to communicate between frames
52:48 Using Cross-Origin Resource Sharing (CORS)
57:48 How to?
58:52 How to: Get data from another site?
58:47 How to: Isolate user content?
1:00:19 How to: Share cookies?
1:01:31 Limitations
1:03:04 Conclusion
This was fantastic. Really long video but was so easy to watch and explained what I couldn’t grasp from 10 other 10-20 minute videos and countless documents of thousands of words. Thank you so much! Obviously solid and even casual grasp of this complex stuff
Thank you very much for this wonderful talk. Very interesting, those rules and concepts are not taught enough in web development training courses whereas it is fundamental
So, you mention HTTP POST loading a new/different context.. but wouldn't that be true for the GET as well? GET actually gets the fresh new document each time it's invoked.. and that new document is rendered into browser. I'm almost certain it should also load into a new/different context. Am I wrong?
It's really unclear how you're opening a new window at 11:22. You don't execute any JavaScript, but a new tab/window somehow opens. Are you repeating the last executed command? It's not visible.
It's like I can physically feel my brain growing from this knowledge. Thank you.
This is the best video on SOP and CORS on the whole internet. Thank you a million.
Thank you! This is one of the best tutorials/talks on SOP I have ever seen!
Excellent explanation into the subjects, answers all my questions.
Best video on SOP. Thank you. Please keep posting these type of videos
The best explanation on SOP.
Best Video I watched By Far
Amazing talk!
Such an insightful video. Watched it a couple of times to get a grasp of each minute
Certainly one of the best videos. Good one!
This is excellent material! I finally understand this complicated concept. Thanks!
Fantastic, subscribed immediately. Thank you for this!
Thank you, best video ever seen on SOP
Thanks, it was so clear! Helped me a lot with a class I'm taking.
Super useful and well presented. Fundamentals of web app security.
This is golden ❤ Perfect talk.
Why didn't YT show this to me earlier..??!! Amazing work.
Thank you, I love it
Very nicely done!
Thank you so much!
Excellent! Very clear. Thank you very much.
Thanks Kirk! Great video.
Great content, explained wonderfully, thank you
Loved this video. Very informative!
A great explanation, thanks a lot
Amazing content!
Can we have a link to that presentation please?
Awesome!!
Thank you, more than enough
Best explanation
Hi, this course is amazing! Would you share the demo source code of the HTML and JavaScript?
Great tutorial.
thank you
02:10 origin, url, scheme
awesome
What's that CSRF talk that is mentioned at 35:00? This one: ruclips.net/video/G1aLGaMqnm0/видео.html ?
Nicest content
04:17 history
thank you