This presentation was recorded at GOTO Chicago 2020. #GOTOcon #GOTOchgo
http://gotochgo.com
Aaron Parecki - Senior Security Architect at Okta
ABSTRACT
OAuth is the foundation of most of modern online security, used everywhere from signing in to mobile apps, to protecting your bank accounts. Despite its ubiquity, it is still often difficult to implement safely and securely, especially in today's landscape, which is dramatically different from the world of online security as it existed when OAuth was initially created.
This talk will explore several real-world OAuth hacks that affected major providers like Twitter, Facebook and Google. I'll share the details of how each specific attack happened, as well as [...]
TIMECODES
00:00 Intro
00:40 What is OAuth?
03:06 How does OAuth work?
05:52 The hacks
07:48 PKCE - Proof-Key for Code Exchange
09:18 JWT - JSON Web Token
11:34 Attack on Google OAuth
14:56 Attack on Facebook's access tokens
18:01 Outro
Download slides and read the full abstract here:
https://gotochgo.com/2020/sessions/1441/how-to-hack-oauthhttps://twitter.com/GOTOconhttps://www.linkedin.com/company/goto-https://www.facebook.com/GOTOConferences
#OAuth #Security #Privacy #Programming #OAuthHacks #PKCE #JWT
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at http://gotocon.com
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
https://www.youtube.com/user/GotoConferences/?sub_confirmation=1