Re: [security-dev] OAuth 2.0 and the Road to XSS: attacking Facebook Platform

Friday, 12 April 2013

Yup, pretty much the implicit model and Facebook's poor implementation. 
  Its funny how people are proclaiming how vulnerable the OAuth implicit 
model is, when the spec already pretty much spells out how vulnerable it is.

On 4/12/2013 5:38 PM, Bill Burke wrote:
...
 Before I read this, I think the XSS attacks are centered around the
 public OAuth protocols, one-way SSL + confidential clients pretty much
 protect against these issues, IIRC.

 On 4/12/2013 4:28 PM, Bruno Oliveira wrote:
> Interesting presentation:
http://conference.hitb.org/hitbsecconf2013ams/materials/D2T1%20-%20Andrey...
>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [security-dev] OAuth 2.0 and the Road to XSS: attacking Facebook Platform