How to Hack OAuth: Real-World Attacks and Prevention Strategies

Explore real-world OAuth hacks that affected major providers like Twitter, Facebook, and Google in this 25-minute talk. Dive into the details of each specific attack, understanding how they occurred and what could have been done to prevent them. Learn about technical flaws in the OAuth system as well as vulnerabilities related to human factors. Gain insights into implementing OAuth safely and securely in today's dramatically different online security landscape compared to when OAuth was initially created. Discover the importance of features like Facebook's "View As" and their potential security implications. Enhance your understanding of OAuth, the foundation of modern online security used in mobile app sign-ins and bank account protection.