OWASP Austin Chapter Monthly Meeting - September 2019

Event Information

Location

National Instruments

11500 North Mopac Expressway, Building C

Austin, TX 78759

Event description

OAuth 2.0 Misimplementation, Vulnerabilities and Best Practices

OAuth 2.0 is an authorization framework that enables third-party applications to obtain temporary, limited authorization to access a protected resource on behalf of a resource owner. The framework is defined by authorization interactions that are each scoped to the type of client obtaining authorization and the type or types of resource owners that must grant access. Diverging from these defined scopes can open up various interception and redirect attack vectors that can grant a malicious actor access to protected resources. For this talk, we will be discussing Public Clients vs. Confidential Clients, User Authentication vs. Client Authentication, Proof Key for Code Exchange (PKCE) for Public Clients, and how restricting certain OAuth flows to either Public or Confidential Clients is required to mitigate unauthorized access to protected resources.

Speaker: Pak Foley

Pak Foley is a Security Engineer at Procore Technologies. He has specialized in Identity and Access Management with a focus on architecting enterprise OAuth and SAML solutions for authentication and authorization throughout distributed systems. With a passion for OAuth in particular, he has spent much of his time seeking out and mitigating vulnerabilities from misimplemented OAuth solutions and has contributed to the open source Rails OAuth provider, Doorkeeper. His passion for securing web applications has prompted his recent move from IAM to security.

Food: Taco Deli. Arriving at 11:30 AM gives you time to get some food and find a seat. We try to start the meeting around 11:50 AM.



NOTE: This will be our last chapter meeting of the year. Our next one will be in January. Of course we hope to see you all next month at LASCON. https://lascon.org


