Overview
Explore the vulnerabilities in OAuth 2.0 implementations for Online Social Networks (OSNs) in this 31-minute Black Hat conference talk. Discover how application impersonation can lead to massive user data leakage, even when the published best practices are followed. Learn about a proof-of-concept experiment that demonstrates collecting a 100-million-user social graph in one week for only 150 USD. Understand the root causes of these security issues, including the implicit authorization grant flow and the use of bearer tokens, which any holder can present without proving which application it is. Examine the consequences of the resulting privilege escalation and the urgent need for industry practitioners to review their API designs. Gain insights into potential solutions, such as providing opt-out mechanisms for certain OAuth features and considering application protection in future protocol designs. Delve into topics like the implicit flow, token types, refresh tokens, app secrets, and strategies for preventing application impersonation.
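To make the root cause concrete, the following is an added illustration written for this page; it is not code from the talk or from any OSN provider. It shows why a bearer token returned through the implicit flow can be replayed by a party that is not the application it was issued to, and how binding each API call to the app secret (the HMAC-SHA256 appsecret_proof that Facebook's Graph API supports) blocks that replay even when the token itself has leaked. The app ID, app secret, user name, toy resource server and redirect URL are all constructed for the example.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed identifiers for this illustration only; they are not real credentials.
APP_ID = "123456789012345"
APP_SECRET = "constructed-app-secret-do-not-use"


def token_from_implicit_redirect(redirect_url: str) -> Optional[str]:
    """Extract the access token from an implicit-grant redirect.

    In the implicit flow the provider returns the token in the URL fragment, so
    anything that sees the redirect (browser history, a malicious client, a
    proxy the user trusts) holds a bearer token and needs no further secret.
    """
    params = parse_qs(urlparse(redirect_url).fragment)
    return params.get("access_token", [None])[0]


def appsecret_proof(access_token: str, app_secret: str) -> str:
    """HMAC-SHA256 of the token keyed with the app secret (Facebook's appsecret_proof)."""
    return hmac.new(app_secret.encode(), access_token.encode(), hashlib.sha256).hexdigest()


class ToyResourceServer:
    """Minimal stand-in for an OSN API. Each token maps to (user, app_id, scopes)."""

    def __init__(self, app_secrets: dict, require_proof: bool):
        self.app_secrets = app_secrets
        self.require_proof = require_proof
        self.tokens = {}
        self._counter = 0

    def issue_token(self, user: str, app_id: str, scopes: set) -> str:
        # Deterministic token derivation keeps the example reproducible;
        # a real provider would issue a random, unguessable token.
        self._counter += 1
        raw = f"{user}:{app_id}:{self._counter}".encode()
        token = hashlib.sha256(raw).hexdigest()[:32]
        self.tokens[token] = (user, app_id, scopes)
        return token

    def get_friends(self, token: str, proof: Optional[str] = None) -> str:
        record = self.tokens.get(token)
        if record is None:
            return "error: invalid_token"
        user, app_id, scopes = record
        if "user_friends" not in scopes:
            return "error: insufficient_scope"
        if self.require_proof:
            # The proof is checked against the secret of the app the token was
            # issued to, so a different app cannot substitute its own secret.
            expected = appsecret_proof(token, self.app_secrets[app_id])
            if proof is None or not hmac.compare_digest(expected, proof):
                return "error: invalid_appsecret_proof"
        return f"friends_of:{user}"


def run_scenario() -> dict:
    """Replay a leaked bearer token against a bearer-only API and a proof-bound API."""
    results = {}
    for name, require_proof in (("bearer_only", False), ("proof_required", True)):
        api = ToyResourceServer({APP_ID: APP_SECRET}, require_proof)
        # The user authorizes the legitimate app via the implicit flow; the
        # token comes back in the fragment of the redirect.
        token = api.issue_token("alice", APP_ID, {"user_friends"})
        redirect = f"https://legit-app.example/callback#access_token={token}&expires_in=3600"
        leaked = token_from_implicit_redirect(redirect)
        # An impersonator holding only the leaked bearer token, no app secret:
        results[f"{name}/impersonator"] = api.get_friends(leaked)
        # The legitimate app, which can compute the proof with its secret:
        results[f"{name}/legit_app"] = api.get_friends(leaked, appsecret_proof(leaked, APP_SECRET))
    return results


if __name__ == "__main__":
    for call, outcome in run_scenario().items():
        print(f"{call:30} -> {outcome}")
```

Against the bearer-only server both callers succeed, which is the impersonation problem: the API cannot tell the legitimate app from anyone replaying its token. Once the proof is required, only the party that holds the app secret can use the token, which is why the talk points at app secrets and the authorization code flow rather than the implicit grant for high-privilege applications.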
Syllabus
Introduction
What's the problem
Basic protocol
Key idea
Consequences
Earth
Conclusion
Implicit Flow
Token Type
Feedback
The Problem
Factors
App Impersonation Out
How to Fix
Protection
Refresh Token
App Impersonation Prevention
Programmers are lazy
Developers use the right way
Facebook
App Secret
Taught by
Black Hat