RVAsec 2022 has ended
Streaming: https://mssvideo.vcu.edu/RVAsec
Thursday, June 16 • 1:00pm - 1:50pm
Slippery SOP: Edge Cases in the Same Origin Policy

Why is the web full of cross-site scripting and cross-site request forgery even though browsers enforce the Same Origin Policy? Can we use the Same Origin Policy to mitigate these attacks? In this talk, we'll answer these questions and more, including uncovering some shortcomings of the Same Origin Policy that can allow attackers to scrape sensitive information from internal websites without authorization.

Collin Berman

Pentester, Capital One
Collin Berman is a pentester at Capital One Financial, focusing on web, cloud, and cryptography. After getting his start playing CTFs in high school, Collin went on to found the University of Virginia's Computer and Network Security Club. When not on the Internet, Collin enjoys hiking...

Thursday June 16, 2022 1:00pm - 1:50pm EDT