OAuth2.0 – It’s the Implementation Stupid!!
Tony Miller
GrrCON 2014

Recent media attention around “Covert Redirects” has stirred new concerns over an already identified weakness in OAuth 2.0 implementations. So if the weakness is not new, why do we keep hearing about it? OAuth 2.0 is a framework that, when implemented correctly, can be very secure, but many developers do not understand or adhere to the specification and the best practices for secure implementation. When implemented poorly, the resulting vulnerabilities can be a treasure chest of data exposure and session hijacking attack vectors. We’ll explore common mistakes in implementing OAuth 2.0 and how they can be exploited. Use of OAuth has expanded well beyond its early implementations in social media platforms and is becoming increasingly common in enterprise development, so we’ll delve into the specific attack vectors that result. Of course, we’ll also cover the design and remediation strategies that help prevent those common implementation flaws.


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast