Top X OAuth 2 Hacks


Methodology & Architecture

Room C

Saturday from 15:30 until 16:20

The OAuth protocol allows a user to grant access to the user's protected resources without necessarily revealing their long-term credentials, or even their identity. OAuth 2 is widely used by the major Internet operators (such as Google, Facebook, Twitter) to provide secure access to their (REST) APIs. This talk will present the OAuth 2 protocol and highlight security pitfalls and common implementation mistakes.

Antonio Sanso

Antonio works as Senior Software Engineer at Adobe Research Switzerland, where he is part of the Adobe Experience Manager security team. Antonio is co-author of the book “OAuth 2 in Action”. He has found vulnerabilities in popular software such as OpenSSL, Google Chrome and Apple Safari, and is included in the Google, Facebook, Microsoft, PayPal and GitHub security halls of fame. He is an avid open source contributor, being the Vice President (chair) for Apache Oltu and a PMC member for Apache Sling. His work interests range from web application security to cryptography. Antonio is also the author of more than a dozen computer security patents and applied cryptography academic papers. He holds an MSc in Computer Science.