Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
CSOonline

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to ...
Security

Salt Security enhances API security platform with OAuth protection package

PALO ALTO, Calif., April 25, 2024 -- Salt Security today announced the release of its new multi-layered OAuth protection package to detect attempts to exploit OAuth and proactively fix vulnerabilities ...
Security Boulevard

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload ...
Infosecurity-magazine.com

OAuth – authentication and authorization for mobile applications

Federation is a model of identity management that distributes the various individual components of an identity operation amongst different actors. The presumption being that the jobs can be ...