YoVDO

OAuth2 and OIDC Security Weaknesses and Pitfalls

Offered By: NDC Conferences via YouTube

Tags

Penetration Testing Courses Authorization Courses API Security Courses Vulnerability Assessment Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore common OAuth2 and OpenID Connect (OIDC) security weaknesses and pitfalls in this conference talk from NDC Security in Oslo. Delve into the evolving best current practices (BCPs) for implementing these protocols and learn why following them doesn't guarantee a secure implementation. Discover insights from real-world penetration tests and security reviews, with a focus on the Backend-for-Frontend (BFF) pattern and its potential vulnerabilities. Examine the risks associated with reverse proxy catch-all routing, OAuth2 clients with extensive scope access, and APIs that rely solely on valid tokens and scopes for authorization. Witness live demonstrations of both attacks and defenses on a locally running OAuth2/OIDC application, gaining practical knowledge to enhance your implementation's security.

Syllabus

OAuth2/OIDC security weaknesses and pitfalls - Tobias Ahnoff & Pontus Hanssen


Taught by

NDC Conferences

Related Courses

Designing RESTful APIs
Udacity API Design and Fundamentals of Google Cloud's Apigee API Platform
Google Cloud via Coursera API Development on Google Cloud's Apigee API Platform
Google Cloud via Coursera API Security on Google Cloud's Apigee API Platform
Google Cloud via Coursera Developing APIs with Google Cloud's Apigee API Platform
Google Cloud via Coursera