Summary

OAuth 2.0 security is something that I recommend researching further. Many issues are specific to a single provider, because providers heavily customize OAuth to suit their users, and that customization introduces bugs. This chapter covered the useful basics of OAuth and the different ways in which OAuth security can be exploited. There are some classic OAuth bugs that I did not cover here; in particular, I recommend reading about the OAuth 2.0 CSRF that results from a missing or unchecked state parameter (RFC 6749, section 10.12), where an attacker ties the victim's session to an account the attacker controls.
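To make the state parameter CSRF concrete, here is an added example that is not code from the book: a framework-free model of an OAuth client's callback endpoint, with the vulnerable handler (code accepted without checking state) beside the hardened one (state bound to the session, compared in constant time, and consumed on first use). The session dictionary, the endpoint and client identifiers, and the `link_account` stand-in are assumptions made for illustration; the requirement itself (the client must bind `state` to the user's session and verify it on the callback) is what RFC 6749 section 10.12 describes.

```python
"""OAuth 2.0 login CSRF through a missing ``state`` check (illustrative model)."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values for the example; any real client has its own.
AUTHORIZE_ENDPOINT = "https://idp.example/authorize"
CLIENT_ID = "demo-client"
REDIRECT_URI = "https://client.example/oauth/callback"


def build_authorization_url(session: dict) -> str:
    """Start the flow: mint a fresh, unguessable state and bind it to this session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "profile",
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(query)}"


def _callback_params(callback_url: str) -> dict:
    """Flatten the callback query string to single string values."""
    return {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}


def link_account(session: dict, code: str) -> dict:
    """Stand-in (assumed) for the code-for-token exchange and account linking."""
    session["linked_code"] = code
    return {"linked": True, "code": code}


def handle_callback_vulnerable(session: dict, callback_url: str) -> dict:
    """Vulnerable: exchanges whatever code arrives and never looks at state.

    An attacker who runs the first half of the flow against their *own*
    provider account obtains a code, builds this callback URL and lures the
    victim into loading it. The victim's session is then linked to the
    attacker's provider account.
    """
    params = _callback_params(callback_url)
    return link_account(session, params["code"])


def handle_callback_hardened(session: dict, callback_url: str) -> dict:
    """Hardened: state must be present, match the session and be single-use."""
    params = _callback_params(callback_url)
    expected = session.pop("oauth_state", None)  # consumed even when the check fails
    received = params.get("state", "")
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("OAuth state mismatch: possible login CSRF")
    if "error" in params:
        raise PermissionError(f"authorization failed: {params['error']}")
    return link_account(session, params["code"])


def is_rejected(session: dict, callback_url: str) -> bool:
    """True when the hardened handler refuses the callback."""
    try:
        handle_callback_hardened(session, callback_url)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    # Constructed scenario: the victim starts a flow, then is lured to an
    # attacker-built callback that carries the attacker's code and no state.
    victim = {}
    build_authorization_url(victim)
    forged = f"{REDIRECT_URI}?code=ATTACKER-CODE"
    print("vulnerable handler linked:", handle_callback_vulnerable(dict(victim), forged))
    print("hardened handler rejected:", is_rejected(dict(victim), forged))
```

The forged URL is exactly what a provider would issue if the attacker had completed authorization themselves, so the only thing standing between the victim and a linked attacker account is the client's own state check; the provider cannot enforce it.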

Some techniques have emerged only recently, and I suggest going through them, since they are still at a nascent stage:

https://techzone.ergon.ch/oauth-307Redirect-idpMixUp

For further OAuth techniques, these websites are a must:

http://www.oauthsecurity.com/

http://homakov.blogspot.com/ ...
