Is OAuth Really Secure?

“Is OAuth Really Secure?” is the title of a talk I gave at the IBWAS'10 conference, last December.

Is the OAuth protocol really secure? Even though the OAuth authorization protocol has been published as the RFC 5849 and is being widely adopted by large Internet companies, it’s important to stress out its possible security vulnerabilities.

This talk focuses on the OWASP Top 10 Application Security Risks and how OAuth is affected by them. While some of the security risks are mitigated by OAuth, developers need to take some action to prevent other risks from affecting their implementations.

If you have time to watch, there’s also a video of the talk.