YouTube

Hacking OAuth 2.0 for Fun and Profit

Bugcrowd via YouTube

Overview

Explore methods for discovering high-impact vulnerabilities in OAuth 2.0 integrations in this 50-minute conference talk. It covers the history and basics of OAuth 2.0, its grant types (authorization code and implicit), and where it is commonly implemented, then walks through methodologies for token stealing, code stealing, CSRF, and token impersonation. Real-world case studies, proofs of concept, and attack workflows illustrate how these weaknesses arise in OAuth 2.0 integrations, with the aim of helping ethical hackers and bug bounty hunters identify and report them.

Syllabus

Intro
About Me
Agenda
HISTORY OF OAuth
OAuth 2.0 BASICS
HOW OAuth 2.0 WORKS
AUTHORIZATION CODE GRANT
IMPLICIT GRANT
WHERE OAuth 2.0 IS USED
ATTACKS ON OAuth 2.0 INTEGRATIONS
TOKEN STEALING - What we do?
TOKEN STEALING - Secret Methodology
Case Study
PROOF OF CONCEPT
CODE STEALING - What we do?
CODE STEALING - Secret Methodology
CSRF - What we do?
CODE STEALING - Secret Methodology
ATTACK WORKFLOW
TOKEN IMPERSONATION - What we do?
TOKEN IMPERSONATION - Secret Methodology
CONCLUSION

Taught by

Bugcrowd
