Page 221 - Hands-On Bug Hunting for Penetration Testers
Going Further Chapter 13
Single-Origin Policy
The single-origin policy is the part of the CORS system employed by browsers that regulates and
limits the ability of scripts from different origins (hostnames, ports, and so
on) to access each other's data. The single-origin/CORS mechanism is an attempt to stop
one application from exposing sensitive information or performing a state-changing action on
another site.
Submission Report
Your submission report refers to the documentation surrounding the vulnerability you
believe you've discovered.
Vulnerability
A vulnerability is a flaw in an application that allows an attacker to compromise the
application, its user base, or its network. The vulnerability (a term often used
synonymously with bug) isn't the attack itself, but rather the chink in the armor through
which the exploit (the actual malicious code) slips.
White Box Testing
White box testing refers to auditing an application for security flaws in an engagement
where you have access to the application's source code. Although we discuss exploring an
application's publicly available client-side code in various places, and in our Other Tools
chapter we discuss white box tools, such as Pytaint, to give you an idea of the
security landscape, the vast majority of any bug bounty hunter's work will be black box
testing.