OAuth - Securing the Insecure

Presented at Black Hat USA 2011, Aug. 3, 2011, 4:05 p.m. (25 minutes)

OAuth is an emerging open-web specification for a growing number of organizations to access protected resources on each other's web sites. This presentation is a focused study of this user-centric Identity technology and its security weaknesses. We will present concise scenarios of how insecure implementations of this protocol can be abused maliciously. We examine the characteristics of some of these attack vectors, with real-world examples, and discuss tips on secure implementation and countermeasures.


Presenters:

Links:

Similar Presentations: