Cross-Tenant Request Forgery Attack in Multi-Tenancy Environments

Explore the critical security vulnerability of Cross-Tenant Request Forgery Attacks in multi-tenancy environments through this informative conference talk. Delve into the complexities of implementing OAuth in SaaS platforms, particularly when supporting multiple customers. Understand the challenges and potential risks associated with 2LO (Client Credential or JWT bearer) implementations in multi-tenant settings. Learn how attackers can exploit these vulnerabilities to compromise co-existing tenants and access their data undetected. Discover the concept of "Cross-Tenant Request Forgery" and gain insights into proper implementation techniques, vendor-specific remediations, and best practices for securing multi-tenant environments. Benefit from the expertise of Albert Yu, co-founder and CTO of Anzenna Inc., and Alan Bishop, lead software developer at Anzenna, as they share their extensive experience in building secure infrastructures and identifying web application security issues.