CORS VULNERABILITY TESTER FOR WEB APPLICATION

Abstract

The problems that were caused by the same-origin policy and the incorrect setup of it led to the development of a protocol known as cross-origin resource sharing (CORS). This protocol was designed to solve these problems. Current versions of web browsers come equipped with a feature known as the same-origin policy.. Scripts that are housed on one domain are unable to make calls to scripts that are placed on another website as a result of this functionality. This security policy may ban certain legitimate use cases that pose no security risky. Utilizing CORS is the optimal option for ensuring that those valid situations are able to work correctly.During the process of designing, implementing, and deploying CORS, we discovered a number of additional security problems, including the following: 1) CORS diminishes cross-origin "write" privilege in practical ways. 2) CORS introduces additional trust requirements the web of different interactions. 3) CORS is something which isn’t well understood for being developers, most likely as a result of its. opaque policy and complicated and complex linkages with other web protocols, which results in a variety of misconfigurations. This is the case since CORS is notoriously difficult to understand. In conclusion, we provide simplified and clarified versions of the protocol in order to solve the security problems that were uncovered by our study. Both the CORS standard and the most common web browsers have taken some of our suggestions and implemented them in a variety of different ways.