Disclosure is an experimental security event that aims to bring together bleeding-edge researchers and security professionals. Our goal is to create an environment where the latest research can be discussed and where new techniques and threats can be disclosed to the information security community.
In this talk, Aaron Parecki, a contributor to the OAuth specifications, provides a summary of the recent updates to the OAuth 2.0 Security Best Current Practice spec, and sheds some light on the vulnerabilities and weaknesses that led to some of the changes. You'll learn how to look for potential flaws and what it takes to build a secure OAuth implementation.