OAuth 2.0 Vulnerabilities
Introduction
Course Introduction (2:03)
Course Slides and Scripts
Getting Help
Answering Your Questions (3:11)
Join the Discord Server
Lab Environment Setup
Lab Environment Setup (7:21)
Step-by-Step Guide
OAuth 2.0 Vulnerabilities - Technical Deep Dive
Agenda (1:19)
OAuth 2.0 (18:08)
OpenID Connect (5:18)
How to Find & Exploit OAuth 2.0 & OpenID Connect Vulnerabilities (17:35)
How to Secure OAuth 2.0 Implementation (3:53)
Resources (0:54)
Hands-On OAuth 2.0 & OpenID Connect Vulnerabilities Labs
Lab #1 Authentication bypass via OAuth implicit flow (14:36)
Lab #2 SSRF via OpenID dynamic client registration (18:13)
Lab #3 Forced OAuth profile linking (13:04)
Lab #4 OAuth account hijacking via redirect_uri (13:25)
Lab #5 Stealing OAuth access tokens via an open redirect (24:42)
Lab #6 Stealing OAuth access tokens via a proxy page (21:26)
Thank You!
Thank You!
Course Introduction