Channel: Leandro Boffi » OAuth 2.0
Browsing all 4 articles

OAuth Proof of Possession drafts are here!

One of the concerns about OAuth 2.0 is that it uses bearer tokens, which are a kind of token that is not tied to any context at all. That means that any party in possession of a token can get access...


Covert Redirect: Facebook and ESPN Security, oh my god…

Yesterday a vulnerability was published under the name of Covert Redirect as a new security flaw in OAuth 2.0 / OpenID. The article says: Covert Redirect is an application that takes a parameter and...


Speaking at UTN: Security Stack for Modern Applications

Next December 19 I will be closing the year speaking about Security Architectures for modern applications at the Argentine National Technological University in Buenos Aires. The National Technological...

Security Stack for Modern Apps talk at UTN: The video (Spanish)

Last December 19 I was invited by the Argentine National Technological University (UTN) in Buenos Aires to speak about security architectures in modern apps. In my talk I covered Token-based...
