Cross Origin Resource Sharing Playground

Learning Path: Application Security Essentials
Ideal for: Security Engineer, Security Champion
Cloud Labs

Cross Origin Resource Sharing (CORS) is a browser mechanism that enables controlled access to resources located outside of a given domain. While convenient, it also opens up the possibility of cross-domain attacks.

In this Playground, we’ll be going over both attack and defense for CORS, using hands-on labs to get a practical understanding of how these exploits work in the real world.

We’ll be learning how to exploit CORS using a phishing attack, then a basic origin reflection. Both these labs will have a defensive component as well. Our final lab exercise will feature a CSRF attack and CORS misconfiguration, after which you’ll learn to secure against these attacks.


CORS vulnerability with wildcard (*) along with phishing attack

CORS vulnerability with basic origin reflection

CORS and CSRF Attack and Defence