Cory Turner
Cory is a senior penetration tester at KPMG. He has worked across the trade in testing infrastructure, web, desktop, and mobile applications, and cloud environments. He primarily focuses on the Defence & National Security space, but has worked with a range of clients in industries from banking to health & care, CNI, and NGOs. He became a penetration tester after reading War Studies at King's College London, during which he exchanged at Yonsei University, South Korea, where a budding love of all things tech began.
Having come from a non-traditional subject, he seeks to support the the entry of individuals from non-traditional backgrounds into the trade, the sharing of new techniques, and the professionalisation of the trade as a whole. Outside of the pentesting world, he volunteers as a school governor, does some sound design, and has developed a passion for teaching generally. He does most things armed with several mugs of coffee.
Session
CORS misconfigurations are one of the most widely misunderstood topics in the web app testing space, largely due to common misconceptions about them. This talk will arm aspiring web app testers with the knowledge to identify and exploit CORS issues end-to-end and key mitigating controls to consider.