Exploiting nOAuth - Critical OpenID Connect Implementation Flaws in SaaS Applications
fwd:cloudsec via YouTube
Get 20% off all career paths from fullstack to AI
2,000+ Free Courses with Certificates: Coding, AI, SQL, and More
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore the persistent security threat of nOAuth attacks in this 49-minute conference talk that builds upon Descope's 2023 research on critical OpenID Connect implementation flaws. Discover how this vulnerability enables user account takeover in SaaS applications and learn why it remains an active threat despite Microsoft's disclosure efforts. Examine new research findings that identify additional implementation flaw patterns and methods for staging nOAuth abuse, while understanding the process of uncovering vulnerable applications and analyzing varying developer responses. Gain practical insights into real-world exploitation examples and develop actionable strategies to mitigate this critical risk in modern SaaS environments. Learn from expert analysis of common anti-patterns in OpenID Connect implementations and understand what these ongoing vulnerabilities mean for securing contemporary cloud applications.
Syllabus
Defenders hate it! Compromise vulnerable SaaS applications with this one weird trick
Taught by
fwd:cloudsec