Player FM 앱으로 오프라인으로 전환하세요!
OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289
Fetch error
Hmmm there seems to be a problem fetching this series right now. Last successful fetch was on July 01, 2024 14:05 ()
What now? This series will be checked again in the next day. If you believe it should be working, please verify the publisher's feed link below is valid and includes actual episode links. You can contact support to request the feed be immediately fetched.
Manage episode 425593351 series 2591184
OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable.
Segment Resources:
- https://oauth.net/2.1
- https://oauth.net/specs/
- https://oauth2simplified.com/
- https://oauth.net/2/dpop/
- https://oauth.net/2/oauth-best-practice/
- https://oauth.net/fapi/
- https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
Thoughts on shared responsibility models after the Snowflake credential attacks, looking at AI's current and future role in offensive security, secure by design lessons from Apple's Private Cloud Computer, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-289
2949 에피소드
Fetch error
Hmmm there seems to be a problem fetching this series right now. Last successful fetch was on July 01, 2024 14:05 ()
What now? This series will be checked again in the next day. If you believe it should be working, please verify the publisher's feed link below is valid and includes actual episode links. You can contact support to request the feed be immediately fetched.
Manage episode 425593351 series 2591184
OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable.
Segment Resources:
- https://oauth.net/2.1
- https://oauth.net/specs/
- https://oauth2simplified.com/
- https://oauth.net/2/dpop/
- https://oauth.net/2/oauth-best-practice/
- https://oauth.net/fapi/
- https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
Thoughts on shared responsibility models after the Snowflake credential attacks, looking at AI's current and future role in offensive security, secure by design lessons from Apple's Private Cloud Computer, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-289
2949 에피소드
Alla avsnitt
×플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.