How to Hack OAuth - Øredev 2019

Video: https://vimeo.com/371495209 OAuth is the foundation of most of modern online security, used everywhere from signing in to mobile apps, to protecting your bank accounts. Despite its ubiquity,...

speakerdeck.com

Nov 8, 2019 · 5:18 PM UTC

Govner · Dec 3, 2019 · 2:16 PM UTC

Govner @oidc6

3 Dec 2019

Replying to @aaronpk

Add this one to your list: threatpost.com/microsoft-oau…

Aaron Parecki · Dec 3, 2019 · 2:20 PM UTC

Aaron Parecki @aaronpk

3 Dec 2019

aaaand this is why the Security BCP says to have an explicit list of redirect URIs and not allow wildcards 🤦‍♂️