YouTube videos curated by Class Central.
Classroom Contents
OpenID Connect & OAuth 2.0 - Security Best Practices
- 1 Intro
- 2 Some Context...
- 3 Simplified
- 4 Attack Model (3)
- 5 Implicit Flow Request
- 6 Implicit Flow Response
- 7 Grand Unification
- 8 Machine to Machine
- 9 Client Authentication
- 10 Sender Constrained Access Tokens w/ MTLS
- 11 Interactive Applications
- 12 Redirect URI Validation Attacks
- 13 Credential Leakage via Referrer Headers
- 14 Authorization Code Injection
- 15 Mitigation: Proof key for Code Exchange
- 16 Countermeasures Summary
- 17 Mix Up Attack (Variant 1)
- 18 Mix Up Countermeasures
- 19 How does ASP.NET Core prevent Mix Up Attacks?
- 20 Anti Pattern: Native Login Dialogs
- 21 Using a browser with Code Flow + PKCE
- 22 Different Approaches
- 23 Browser-based Applications (aka SPAs)
- 24 Anti-Forgery Protection
- 25 Refresh Token Storage in Browsers
- 26 What's next?