OpenID Connect is a re-envisioning of the OAuth protocol; it was designed to solve the authentication problem and patch security holes in the original specification by making the standard more stringent and demanding. But people continue making mistakes, and misconfigurations resulting in vulnerabilities still occur. This article…
Author: Maksim Rogov
OAuth from top to bottom. Vulnerability chains and authentication attacks
This article discusses OAuth misconfigurations. Normally, most of them are harmless, but under certain conditions such misconfigurations can entail severe consequences, including hacked admin accounts. Today you will learn how to search for vulnerability chains in OAuth.
OAuth from top to bottom. Examining protocol features and basic…
Most modern websites have an authentication form, and in its lower part you can often see buttons enabling you to sign in via various social networks. This login mechanism is based on the OAuth protocol, and today you’ll learn its structure and main vulnerabilities. At the…