OAuth - Securing the Insecure

Black Hat USA 2011

Presented by: Khash Kiani
Date: Wednesday August 03, 2011
Time: 16:05 - 16:30
Location: Florentine
Track: Turbo Talks

OAuth is an emerging open-web specification that lets a growing number of organizations access protected resources on each other's web sites on a user's behalf. This presentation is a focused study of this user-centric identity technology and its security weaknesses. We present concise scenarios of how insecure implementations of the protocol can be abused, examine the characteristics of several of these attack vectors with real-world examples, and discuss tips for secure implementation and countermeasures.

Khash Kiani

Khash Kiani is a security consultant with over 13 years of experience building and securing software applications for large defense, insurance, retail, technology, and health care organizations. He specializes in application security integration, penetration testing, and social-engineering assessments. Khash currently holds the GIAC GWAPT, GCIH, and GSNA certifications. He can be reached at khash@thinksec.com.
