Jacob Kaplan-Moss

📌 Into the symmetry: CSRF in Facebook/Dropbox - "Mallory added a file using Dropbox"

A variation of a classic OAuth vulnerability. These sorts of things are depressingly common, and this is why people sometimes talk about OAuth itself as being insecure. #

📌 Attacking the OAuth Protocol - Dhaval Kapil

An analysis of some of the weaknesses in the OAuth 2 protocol. I’m not sure I agree with the premise that “the OAuth 2.0 protocol itself is insecure”, but if you’re implementing an OAuth provider you certainly need to know about these weaknesses and mitigations. #
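As an added example (my own, not code from either linked article): the standard mitigation for the callback CSRF in the first entry, and one of the mitigations the second entry covers, is the OAuth 2.0 `state` parameter, bound to the user's session and consumed once. The provider URL, client id and redirect URI below are placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode


class OAuthCallbackCSRF(Exception):
    """Raised when a callback cannot be tied to a flow this user actually started."""


def begin_authorization(session: dict, authorize_url: str, client_id: str, redirect_uri: str) -> str:
    """Mint an unguessable state, bind it to this user's session, and carry it in
    the authorization URL so the provider echoes it back on the redirect."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return f"{authorize_url}?{urlencode(params)}"


def handle_callback(session: dict, query: dict) -> str:
    """Accept the provider's redirect only if its state matches the one stored in
    the *current* user's session. A link Mallory forged carries Mallory's code
    but cannot carry the victim's state, so it is rejected instead of silently
    linking Mallory's account to the victim's."""
    expected = session.pop("oauth_state", None)  # single use: consumed on first sight
    received = query.get("state")
    if expected is None or received is None:
        raise OAuthCallbackCSRF("callback without a pending authorization flow")
    if not hmac.compare_digest(expected, received):
        raise OAuthCallbackCSRF("state mismatch: callback not initiated by this session")
    code = query.get("code")
    if not code:
        raise OAuthCallbackCSRF("callback carries no authorization code")
    return code  # now safe to exchange for a token and attach to *this* user
```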