Web Application Penetration Testing Tutorial For Beginners

What is Cross-Origin Resource Sharing (CORS) Vulnerability in Web API?

Cross Origin Resource Sharing (CORS) Definition

CORS stands for Cross-origin resource sharing. It is a web-based mechanism that is used to control access to resources hosted outside a specific domain. It has several benefits, like getting the flexibility for addition and extension of the same-origin policy (SOP).

Testing for CORS Vulnerability

To test cross-origin resource sharing (CORS), you can use tools like OWASP Zed Attack Proxy Project. It will help you to intercept HTTP headers. You need to pay heed to the origin header to understand the domains that are allowed. 

Moreover, you can further inspect it with JavaScript, the manual way to check if the code is vulnerable to code injection as a result of not handling the input properly. 

Test your knowledge with a quick quiz!

Which header is mostly used for testing CORS?

Select the correct answer

Did you find this article helpful?