Category: Web Attacks

• 15th Feb 2021

  OAuth 2.0 – Part Three

  Hello everyone, in this final installation of the OAuth blog series, we’ll be covering two vulnerabilities in the OAuth implementation. If you haven’t checked out the previous parts you can check out part one here and part two here. Before we get started, a big thanks to PortSwigger and their Web Security Academy Labs! The…
• 2nd Feb 2021

  OAuth 2.0 – Part two

  Continuing our previous post, where we discussed the basics of how OAuth 2.0 authentication worked, some known issues which arise due to either lack of understanding of the framework itself, or poor configuration of the same. In this blog, we’ll talk a little bit in detail of the vulnerabilities we had previously discussed. Vulnerabilities in…
• 22nd Jan 2021

  OAuth 2.0 – Part one

  At least once till date, you must’ve come across  sites that let you log in using your social media account [Facebook, LinkedIn, Google & various such platforms] The chances are that this feature is built using the well known OAuth 2.0 framework. This framework is liked by Pentesters because it is; Extremely common. Vulnerable due…