YoVDO

OAuth2 and OIDC Security Weaknesses and Pitfalls

Offered By: NDC Conferences via YouTube

Tags

Penetration Testing Courses Authorization Courses API Security Courses Vulnerability Assessment Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore common OAuth2 and OpenID Connect (OIDC) security weaknesses and pitfalls in this conference talk from NDC Security in Oslo. Delve into the evolving best current practices (BCPs) for implementing these protocols and learn why following them doesn't guarantee a secure implementation. Discover insights from real-world penetration tests and security reviews, with a focus on the Backend-for-Frontend (BFF) pattern and its potential vulnerabilities. Examine the risks associated with reverse proxy catch-all routing, OAuth2 clients with extensive scope access, and APIs that rely solely on valid tokens and scopes for authorization. Witness live demonstrations of both attacks and defenses on a locally running OAuth2/OIDC application, gaining practical knowledge to enhance your implementation's security.

Syllabus

OAuth2/OIDC security weaknesses and pitfalls - Tobias Ahnoff & Pontus Hanssen


Taught by

NDC Conferences

Related Courses

Authentication & Authorization: OAuth
Udacity Rails with Active Record and Action Pack
Johns Hopkins University via Coursera Desarrollo de Aplicaciones Web: Seguridad
University of New Mexico via Coursera Web Application Development: Security
University of New Mexico via Coursera Managing Identity
Microsoft via edX