SOP(Same Origin Policy): Security Protocol

SOP or Same Origin Policy is restrictive policy that prevent loading of document and malicious script from one origin to obtain access to sensitive data on another web page through that page's Data Object Model.

(Data Object Model is Application Programming Interface for valid HTML and XML documents and defines the logical structure of documents)

Lets take an example to get better understanding of SOP , You open your FACEBOOK account in a tab and then you open another web page in different tab which has some JavaScript code that attempts to access information from your FACEBOOK page, that the point where Same Origin Policy kicks in, as soon attempt is made to get access from some other domain then this policy prevent interaction.

Origin of a webpage is based on hostname, protocol and port number . The path of the page doesn't matter as long as these three things are satisfied. Data stored in localstorage is also governed by SOP.

Let take an example exhibiting different SOP result based on above mentioned things when compared with origin :

http://xyz/abc/cc.html

 URL
 RESULT
 EXPLANATION
 http://xyz/pqr/cc.html
 PASS
 Path not matter
 http://www.xyz/abc/cc.html
 FAIL
 Different Domain
 http://xyz:8081/pqr/cc.htm
 FAIL
 Different Port
 ftp://xyz/pqr/cc.html
 FAIL
 Different Protocol


Comments

Post a Comment

Popular posts from this blog

Network Models and Differences

Image
TCP/IP and OSI Model Open System Interconnect model is a standard of the International Organization for Standardization (ISO). It is a general-purpose paradigm for discussing or describing how computers communicate with one another over a network. Its seven-layered approach to data transmission divides the many operations up into specific related groups  of actions at each layer . Transmission Control Protocol/Internet Protocol  is Internet protocol suit created by US Defense Advance Research Project Agency to ensure that communication could survive in any condition and data integrity would not be compromised under malicious attacks. The Transmission Control Protocol provides a communication service at an intermediate level between an application program and the Internet Protocol. It provides host-to-host connectivity at the  Transport Layer  of the Internet model. An application does not need to know the particular mechanisms for sending data via a l...
Read more

Installing SQLMap in Windows

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. SQLMap is coded in  Python  programming language and runs natively in Linux operating system, for running it in Windows, first you have to download Python then Sqlmap. Steps are as follows:  Step 1 – Download & Install Python Python 2.7 installed on your Windows machine. Ensure that version 2.7.5 is installed which can be downloaded from here -  http://www.python.org/download/ Choose either the normal Windows installer, or the Windows x86-64 installer. Run through the install accepting the defaults.  If all went well, then all of the Python files should be installed to C:\Python27\ Step 2 – Download SQLMap SQLMap downloaded on your Windows machine The latest and greatest version is available on the SQLMap home page – click here -  https://github.com/sqlmapproject/sqlmap.g...
Read more