This episode continues the BSCP guide. Specifically, we focus on the OAuth framework and showcase practical vulnerabilities that can be used to perform authentication bypasses.
If you are interested in web security testing, I have prepared a course in which I showcase how to find, exploit and explain 40 security issues.
- Practical WAPT course: https://www.udemy.com/course/practical-wapt/?referralCode=15450B3828BA5A3B23CB
Discover and support my work
- https://hexdump.sh
- https://www.patreon.com/hexdump
-------------------------
TIMESTAMPS
00:00 Introduction to OAuth
08:17 Lab 1 - OAuth implicit flow
15:11 Lab 2 - OpenID client registration
23:35 Lab 3 - OAuth profile linking
30:01 Lab 4 - Account Hijacking via redirect_uri