same-origin-policy Archives

Hot Topics

Introducing the Same-origin Policy Whitepaper

Dawn Baird | April 6, 2018 | same-origin-policy

Same-origin Policy (SOP) is a set of restrictions originally implemented by Netscape developers to help securely manage the relationships and connections between web resources such as HTML documents and other content, APIs ...

Netsparker, Web Application Security Scanner

Exploiting Insecure crossdomain.xml to Bypass Same Origin Policy (ActionScript PoC)

Gursev Singh Kalra | August 28, 2013 | ActionScript, allow-access-from, bypass, crossdomain.xml, Exploit, flash, same-origin-policy

Adobe Flash is among the most popular browser plugins and also ships by default with a couple of popular web browsers. Its widespread prevalence has made it a frequent target of attacks ...

Random Security

Defeating the Same Origin Policy: Part II

John Heasman | March 19, 2008 | 233324, Java, same-origin-policy, sun alert, vulnerability

In my last post I gave details of how unsigned applets could bypass the same origin policy in order to make arbitrary network connections; the Sun alert for this issue is here ...

aut disce, aut discede

Defeating the Same Origin Policy: Part I

John Heasman | March 12, 2008 | Java, same-origin-policy, sun alert, vulnerability

So last week Sun released updated versions of the Java Runtime Environment and with them, a host of Sun Alerts. These are neatly summarised on the Sun Security blog. Over the next ...

aut disce, aut discede