[security-dev] OAuth 2.0 and the Road to XSS: attacking Facebook Platform

Bill Burke bburke at redhat.com
Fri Apr 12 17:43:11 EDT 2013

Yup, pretty much the implicit model and Facebook's poor implementation. 
  Its funny how people are proclaiming how vulnerable the OAuth implicit 
model is, when the spec already pretty much spells out how vulnerable it is.

On 4/12/2013 5:38 PM, Bill Burke wrote:
> Before I read this, I think the XSS attacks are centered around the
> public OAuth protocols, one-way SSL + confidential clients pretty much
> protect against these issues, IIRC.
> On 4/12/2013 4:28 PM, Bruno Oliveira wrote:
>> Interesting presentation: http://conference.hitb.org/hitbsecconf2013ams/materials/D2T1%20-%20Andrey%20Labunets%20and%20Egor%20Homakov%20-%20OAuth%202.0%20and%20the%20Road%20to%20XSS.pdf

Bill Burke
JBoss, a division of Red Hat

More information about the security-dev mailing list