Security Intermediate

What is CORS (Cross-Origin Resource Sharing)?

A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.

CORS relaxes the same-origin policy in a controlled way so that selected cross-origin requests are allowed. The server uses HTTP response headers (Access-Control-Allow-Origin, Access-Control-Allow-Methods) to specify which origins can access its resources.

For certain request types, the browser first sends a preflight request (OPTIONS method) to check permissions before it sends the actual request. CORS issues are common during development when the frontend and backend run on different ports. Proper CORS configuration balances security with functionality.

Related Terms

Two-Factor Authentication (2FA)
A security method requiring two different forms of identification before granting access to an account.
Penetration Testing
An authorized simulated cyberattack on a system to evaluate its security defenses and identify vulnerabilities.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
Supply Chain Attack
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.
PKI (Public Key Infrastructure)
A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.
OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.