CORS Misconfigurations

Description

Cross-Origin Resource Sharing (CORS) is a technology used by websites to make web browsers relax the Same Origin Policy, enabling cross-domain communication between different websites.

Business Impact

An attacker may exploit a misconfigured CORS policy to obtain users' sensitive data or even their session.

Recommendation

Use the Access-Control-Allow-Origin header to restrict which domains can make cross-origin requests to the web server.
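
One way to apply this recommendation, shown as an added example that is not part of the original page: an exact-match origin allowlist that decides the Access-Control-Allow-Origin value, plus a small audit helper for reviewing response headers. The origins in the allowlist and the function names `corsHeadersFor` and `auditCors` are assumptions made for illustration.

```javascript
// Added example: exact-match origin allowlist (the origins below are constructed).
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Build the CORS response headers for the Origin header value of a request.
function corsHeadersFor(origin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin stops shared caches from reusing one origin's response for another.
  const headers = { Vary: "Origin" };
  // Exact string comparison only: no substring, suffix or regex matching,
  // and the literal "null" origin is never on the allowlist.
  if (typeof origin === "string" && allowed.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers; // without the header the browser blocks the cross-origin read
}

// Audit helper: list risky CORS settings seen in a response to requestOrigin.
function auditCors(requestOrigin, responseHeaders, allowed = ALLOWED_ORIGINS) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = String(v);
  const acao = h["access-control-allow-origin"];
  const creds = (h["access-control-allow-credentials"] || "").toLowerCase() === "true";
  const findings = [];
  if (acao === undefined) return findings; // no cross-origin access granted
  if (acao === "*") {
    findings.push(creds ? "wildcard-with-credentials" : "wildcard-origin");
    return findings;
  }
  if (acao === "null") findings.push("null-origin-allowed");
  else if (!allowed.has(acao)) {
    findings.push(acao === requestOrigin ? "reflected-untrusted-origin" : "unlisted-origin");
  }
  const vary = (h["vary"] || "").toLowerCase().split(",").map((s) => s.trim());
  if (!vary.includes("origin")) findings.push("missing-vary-origin");
  return findings;
}
```
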

Reference

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin
