From Zero to Cybersecurity Analyst

Federated Login CSRF

Federated Login CSRF

OWASP Foundation via YouTube Direct link

Mitigation 1: Show a 2nd Consent dialog before linking identities

14 of 15
Previous
Next

14 of 15

Mitigation 1: Show a 2nd Consent dialog before linking identities

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Federated Login CSRF

Automatically move to the next video in the Classroom when playback concludes
  1. 1 Intro
  2. 2 Quick Recap - Federated Login
  3. 3 Additional CSRF Scenarios
  4. 4 OAuth Code Grant Flow
  5. 5 Recommended State parameter
  6. 6 OpenID connect login flow
  7. 7 Risk in the current scenario
  8. 8 Recommended Parameter from OpenID Connect Spec
  9. 9 Federated Login CSRF (Pre-Conditions)
  10. 10 Attacker configuration
  11. 11 Attack data flow sequence
  12. 12 Risks
  13. 13 Demo
  14. 14 Mitigation 1: Show a 2nd Consent dialog before linking identities
  15. 15 Conclusions

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.