Title: The insecurity of OAuth 2.0 in frontends - Philippe de Ryck - NDC Security 2023
Duration: 57:18
Viewed: 13,365
Published: 03-04-2023
Source: YouTube

Everyone agrees that Cross-Site Scripting (XSS) is a real threat to browser-based applications, but many underestimate the true power of XSS. In fact, various OAuth 2.0 security mechanisms for frontends, such as refresh token rotation or token isolation in workers, fail to look beyond script kiddie XSS attacks. In this talk, we take an in-depth look at the consequences of XSS in frontend OAuth 2.0 clients. We explore real-world attacker capabilities and map them against a concrete threat model. We also explore how structural solutions like the Backend-for-Frontend pattern effectively increase the security of frontend applications. By the end of this session, you will have the necessary knowledge to assess the security of your frontends and choose the appropriate defense strategy.

Check out our new channel, NDC Clips: @ndcclips

Check out more of our featured speakers and talks at https://ndcconferences.com/ and https://ndc-security.com/


