Same-origin policy: The core of web security


The "same-origin policy" is a loosely defined set of rules that has evolved over the years since JavaScript was first introduced in 1995.

In this talk, Kirk will explain how origins work in your web browser, and why they are the fundamental protection against attacks like cross-site request forgery.

Along the way we'll look at how you can leverage the same-origin policy to protect data on your site, and how you can bend it to your will to allow functionality to be hosted on multiple URLs, using mechanisms such as cross-origin resource sharing (CORS), postMessage and JSONP.

Kirk Jackson works at RedShield, leads this meetup and helps organise the annual OWASP NZ Day in Auckland.