Same-origin policy: The core of web security @ OWASP Wellington 

0:01 Introduction 2:10 What is an origin? 3:13 What is the same origin? 4:18 Same-origin policy 19:53 Why is same-origin policy important? 20:57 How does it apply to ___ ? 21:54 How does SOP apply to anchors? 22:28 How does SOP appy to forms? 24:54 How does SOP apply to images? 25:51 How does SOP apply to CSS? 27:32 How does SOP apply to JavaScript includes? 28:58 How does SOP apply to JSONP? 31:55 How does SOP apply to web storage? 34:40 How does SOP apply to cookies? 38:31 How does SOP apply to windows, frames and s? 40:36 How does SOP apply to XMLHttpRequest? 43:49 How does SOP apply to Java, Flash, PDF, Silverlight? 45:10 Getting around same-origin policy 45:53 Using PostMessage to communicate between frames 52:48 Using Cross-Origin Resource Sharing (CORS) 57:48 How to? 58:52 How to: Get data from another site? 58:47 How to: Isolate user content? 1:00:19 How to: Share cookies? 1:01:31 Limitations 1:03:04 Conclusion

It's like I can physically feel my brain growing from this knowledge. Thank you.

Thank you! This is one of the best tutorial/talk on SOP I have ever seen!

this is the best video on SOP and CORS on the whole internet. Thank you a million.

Excellent explanation into the subjects, answers all my questions.

This was fantastic. Really long video but was so easy to watch and explained what I couldn’t grasp from 10 other 10-20 minute videos and countless documents of thousands of words. Thank you so much! Obviously solid and even casual grasp of this complex stuff

Best video on SOP. Thank you. Please keep posting these type of videos

The best explanation on SOP.

This is excellent material! I finally understand this complicated concept. Thanks!

Such an insightful video .Watched it couple of times to get a grasp of each minute

Fantastic, subscribed immediately. Thank you for this!

Thank, it was so clear! Helped me a lot with class I'm taking.

Certainly one of the best videos. Good one !

Best Video I watched By Far

Thank you , Best vedio ever seen in SOP

Thank you very much for this wonderful talk. Very interesting, those rules and concepts are not taught enough in web development training courses wheareas it is fundamental

Super useful and well presented. Fundamentals of web app security.

This is golden ❤ Perfect talk.

why didn't YT show this to me earlier..??!! Amazing work.

Excellent! Very clear. Thank you very much.

Thanks you, i love it

Thanks Kirk ! great video.

Great content explained wonderfully thank you

Loved this video. Very informative!

Very nicely done!

Thank you so much !

thank you

a Great explanation, thanks a lot

Amazing content!

thank you , more than enough

It's really unclear how you're opening a new window at 11:22. You don't execute any JavaScript, but new tab/window somehow opens. Are you repeating last executed command? it's not visible.

Best explanation

Awesome!!

So, you mention HTTP POST loading a new/different context.. but wouldn't that be true for the GET as well? GET actually gets the fresh new document each time it's invoked.. and that new document is rendered into browser. I'm almost certain it should also load into a new/different context. Am I wrong?

Great tutorial.

Hi, this course is amazing ! Would you share the demo source code of html and javascript?

can we have a link to that presentation please?

awesome

Nicest content

02:10 origin, url, scheme

What's that CSRF talk that is mentioned at 35:00? This one: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-G1aLGaMqnm0.html ?

04:17 history

thank you