[security-dev] OAuth 2.0 and the Road to XSS: attacking Facebook Platform
Bill Burke
bburke at redhat.com
Fri Apr 12 17:43:11 EDT 2013
Yup, pretty much the implicit model and Facebook's poor implementation.
It's funny how people are proclaiming how vulnerable the OAuth implicit
model is, when the spec already pretty much spells out how vulnerable it is.
On 4/12/2013 5:38 PM, Bill Burke wrote:
> Before I read this, I think the XSS attacks are centered around the
> public OAuth protocols; one-way SSL + confidential clients pretty much
> protect against these issues, IIRC.
>
> On 4/12/2013 4:28 PM, Bruno Oliveira wrote:
>> Interesting presentation: http://conference.hitb.org/hitbsecconf2013ams/materials/D2T1%20-%20Andrey%20Labunets%20and%20Egor%20Homakov%20-%20OAuth%202.0%20and%20the%20Road%20to%20XSS.pdf
>>
>>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com