When I first started learning about Cross Origin Resource Sharing (CORS) as it applies to web application pentesting, I found it was difficult to gather information needed to fully grasp the security implications of common CORS misconfigurations. (Spoiler: If Burp Suite lights up red like below, things can get pretty ugly!) I think there’s a...