Saturday, March 28 • 10:00am - 10:25am
Exploiting OAuth 2.0 and OpenID Connect: Lessons Learned from Bug Bounty Programs


Modern authorization and authentication designs commonly rely on OAuth 2.0, OpenID Connect (OIDC), and related standards. When implemented properly, these protocols are powerful, flexible, and secure. However, design and implementation mistakes are common, and they can lead to risks ranging from mild to severe, including complete authentication bypass and privilege escalation.
Public bug bounty programs give us a realistic view of these risks: they are a rich source of information about many kinds of security vulnerabilities, including those tied to authorization and authentication problems.
This technical presentation will review several examples of design and implementation flaws in modern authorization and authentication standards, the security risks they create, and how to mitigate those risks. It is aimed at security architects, developers, testers, and anyone involved in implementing OAuth 2.0 or OIDC systems.

Zoom link: https://zoom.us/j/266304316

Nawwar Kabbani

Software Test Architect, Fidelity National Financial
Nawwar Kabbani, M.Sc, CSSLP, leads the QA Security Testing team at Fidelity National Financial. His team is responsible for testing applications for security vulnerabilities and for implementing a secure development life-cycle program. He is usually engaged in security design...

Saturday March 28, 2020 10:00am - 10:25am EDT
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA