AppSec Blog: Category - OAuth

REST Security Protections

Greg Leonard is an instructor with the SANS Institute for DEV541: Secure Coding in Java/JEE. Representational State Transfer (REST) has become popular in modern web application development. RESTful services take advantage of HTTP, a well-established web communication protocol, and provide a simple-to-understand framework for delivering flexible and highly performant content delivery …

LinkedIn OAuth Open Redirect Disclosure

During a recent mobile security engagement, I discovered an insecure redirect vulnerability in the LinkedIn OAuth 1.0 implementation that could allow an attacker to conduct phishing attacks against LinkedIn members. This vulnerability could be used to compromise LinkedIn user accounts and gather sensitive information from those accounts (e.g. personal information and credit card numbers). The …