Is OAuth Really Secure?

“Is OAuth Really Secure?” is the title of a talk I gave at the IBWAS’10 conference, last December.

Is the OAuth protocol really secure? Even though the OAuth authorization protocol has been published as RFC 5849 and is being widely adopted by large Internet companies, it’s important to highlight its possible security vulnerabilities.

This talk focuses on the OWASP Top 10 Application Security Risks and how OAuth is affected by them. While some of the security risks are mitigated by OAuth, developers need to take some action to prevent other risks from affecting their implementations.

If you have time to watch, there’s also a video of the talk.

