00 — Overview
CORS Misconfiguration
Learn how misconfigured Cross-Origin Resource Sharing headers let any website silently steal authenticated user data from APIs.
Intermediate · 35 min · 5 tasks
// By the end of this module
→ Understand the CORS mechanism and when it is enforced
→ Identify misconfigured Access-Control-Allow-Origin headers
→ Exploit CORS to steal authenticated API responses from another origin
→ Recognise the difference between CORS misconfiguration and CSRF
