This is Pankaj Mouriya
I would like to present a talk on “The Core of Web Security”
The Same Origin Policy is the fundamental security model of the web. I have been struggling with the Same Origin Policy for a very long time, and to overcome this struggle I did some googling, went through some books, watched some boring yet fruitful videos, and ended up giving this talk.
Having a deep understanding of the Same Origin Policy model is important, especially if you are a security analyst or a developer doing secure web development. The Same Origin Policy is possibly the most important security control enforced on the web. It is also an inconsistently implemented specification, which is many times explained so vaguely by human minds that it does not make any sense to other human minds. In this talk I will try to make it easy to understand and will keep your brains engaged so that it does not turn into a boring lecture. We will learn about the Same Origin Policy with the DOM, browser tabs and iframes, the importance of SOP, and how it is applied to web storage, images, CSS, JS, etc. I will also talk about Same Origin Policy exceptions and ways to get around the Same Origin Policy, with detailed explanations of the postMessage API, URI fragments, CORS, etc.
- What should be Allowed
- Same Origin Policy
- Example: Web Browser as an OS Kernel, Analogy using a Hospital
- What is a URL?
- Definition of an Origin
- Quiz - Based on Same Origin
- Same Origin Policy - Slide
- Same Origin Policy - DEMO
- Same Origin Policy with Tabs
- Is Cross Origin Fetch allowed - DEMO
- How does Same Origin Policy apply to:
  - Web Storage
- Problems / Getting Around Same Origin Policy
- Exception - Same Origin Policy
- What is allowed?

Table of contents is subject to change.
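The "Definition of an Origin" and "Quiz - Based on Same Origin" items above come down to one rule: an origin is the (scheme, host, port) triple, and two URLs are same-origin only when all three match, while path, query, fragment and credentials are ignored. The following is an added example, not code from the talk or its slides; it uses the WHATWG `URL` parser that is built into browsers and Node.js, and the helper names `originTuple`, `isSameOrigin` and `runQuiz` are my own. It also covers the two edge cases that trip people up in the quiz: default ports (`http://example.com` and `http://example.com:80` are the same origin) and opaque origins (`data:` and `file:` URLs serialize as `"null"` and are never same-origin with anything, not even with themselves).

```javascript
// Added example: deciding Same Origin Policy equality of two URLs.
// Relies only on the WHATWG URL parser, which is global in Node.js and browsers.

// Default port for each scheme; the URL parser already strips these, so the
// table is only consulted when a URL carries no explicit port.
const DEFAULT_PORTS = {
  'http:': '80',
  'https:': '443',
  'ws:': '80',
  'wss:': '443',
  'ftp:': '21',
};

// Reduce a URL to its origin tuple {scheme, host, port}.
// Returns null for opaque origins (data:, file:, ...), which the URL parser
// serializes as the string "null" and which never compare equal to anything.
function originTuple(urlString) {
  const u = new URL(urlString);
  if (u.origin === 'null') return null;
  // u.port is '' when the port is absent OR equal to the scheme's default,
  // so normalise to the effective port number.
  const port = u.port !== '' ? u.port : (DEFAULT_PORTS[u.protocol] || '');
  return {
    scheme: u.protocol.slice(0, -1), // drop trailing ':'
    host: u.hostname,                // already lower-cased by the parser
    port,
  };
}

// The SOP comparison proper: scheme, host and port must all match.
// Path, query string, fragment and userinfo never take part.
function isSameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  if (x === null || y === null) return false; // opaque origins match nothing
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Constructed quiz pairs (not from the talk) illustrating each rule.
const QUIZ = [
  ['http://example.com/a',        'http://example.com/b',        'path ignored'],
  ['http://example.com/?q=1',     'http://example.com/#frag',    'query and fragment ignored'],
  ['http://user:pw@example.com/', 'http://example.com/',         'credentials ignored'],
  ['http://EXAMPLE.com/',         'http://example.com/',         'host is case-insensitive'],
  ['http://example.com/',         'http://example.com:80/',      'default port is implicit'],
  ['https://example.com:443/',    'https://example.com/',        'default port is implicit'],
  ['http://example.com/',         'https://example.com/',        'scheme differs'],
  ['http://example.com/',         'http://www.example.com/',     'host differs (subdomain)'],
  ['http://example.com/',         'http://example.com:8080/',    'port differs'],
  ['data:text/html,<h1>x</h1>',   'data:text/html,<h1>x</h1>',   'opaque origin matches nothing'],
];

// Evaluate every quiz pair; returns [{a, b, why, sameOrigin}] for inspection.
function runQuiz() {
  return QUIZ.map(([a, b, why]) => ({ a, b, why, sameOrigin: isSameOrigin(a, b) }));
}

// Stand-alone usage: print the quiz answers.
if (typeof require !== 'undefined' && require.main === module) {
  for (const r of runQuiz()) {
    console.log(`${r.sameOrigin ? 'SAME ' : 'CROSS'}  ${r.a}  vs  ${r.b}  (${r.why})`);
  }
}
```

Run it with `node sop-quiz.js` to see each pair classified as SAME or CROSS. Note that `originTuple` deliberately compares the effective port rather than the string the user typed, which is why `http://example.com` and `http://example.com:80` are reported as the same origin, matching what the browser does.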