Application Security: OAuth 2.0 and OpenID Connect

Presented at Diana Initiative 2020 Virtual, Aug. 21, 2020, 9 a.m. (60 minutes)

OAuth and OpenID Connect are two widely used protocols for authentication and for authorization of delegated access to third-party applications. Not only do they provide a common framework that can be implemented across different platforms, but they also allow a user to grant limited access to their resources without having to expose their credentials, thus making them inherently more secure. But OAuth can be exploited to steal access tokens, which can then be used in lieu of user credentials. This presentation will discuss the key concepts related to OAuth and OpenID and the relevant security issues with them. The presentation will also give insight into how we can mitigate the risks to OAuth and detect the abuse of access tokens.


Presenters:

  • Akanksha Chaturvedi - Speaker
    Akanksha works with LinkedIn Technology as a Senior Identity & Access Management Engineer. She has been working in this domain for the past 7 years. She has expertise in SSO, Active Directory, authentication, and Azure AD. Prior to joining LinkedIn, she worked for Microsoft and Tata Consultancy Services Ltd. She is passionate about the domain she works in and likes to explore it in more depth.
  • Nitya Garg - Speaker
    Nitya works with LinkedIn Technology as an Information Security Engineer – Threat Mitigation and Incident Response. She has about 7 years of experience in Information Security, most of which has been in Threat Detection, Intrusion Analysis, and Incident Response. She is passionate about promoting diversity in Information Security. She is part of ISSA W-CS: Women in Cybersecurity and Women's Society of Cyberjutsu, dedicated to raising awareness of cybersecurity among women and closing the gender gap in security roles.
