Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Cross-Tenant Request Forgery Attack in Multi-Tenancy Environments

OWASP Foundation via YouTube

Overview

Explore the critical security vulnerability of Cross-Tenant Request Forgery Attacks in multi-tenancy environments through this informative conference talk. Delve into the complexities of implementing OAuth in SaaS platforms, particularly when supporting multiple customers. Understand the challenges and potential risks associated with 2LO (Client Credential or JWT bearer) implementations in multi-tenant settings. Learn how attackers can exploit these vulnerabilities to compromise co-existing tenants and access their data undetected. Discover the concept of "Cross-Tenant Request Forgery" and gain insights into proper implementation techniques, vendor-specific remediations, and best practices for securing multi-tenant environments. Benefit from the expertise of Albert Yu, co-founder and CTO of Anzenna Inc., and Alan Bishop, lead software developer at Anzenna, as they share their extensive experience in building secure infrastructures and identifying web application security issues.

Syllabus

Cross-Tenant Request Forgery Attack in Multi-Tenancy Environments - Albert Yu & Alan Bishop

Taught by

OWASP Foundation

Reviews

Start your review of Cross-Tenant Request Forgery Attack in Multi-Tenancy Environments

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.