October 2023

Oh-Auth - Abusing OAuth to take over millions of accounts

Oct 24, 2023 By Aviad Carmel In Salt Security

OAuth (Open Authorization) is one of the fastest adopted technologies in the AppSec domain. From its first introduction in 2006, as an attempt to introduce a standard authorization protocol, it has become one of the most popular protocols for both user authorization and authentication, and it’s being used by almost every major web service and website today. One of the reasons for its huge popularity is its ease of implementation.

Read Post

Salt Security

Read more about Oh-Auth - Abusing OAuth to take over millions of accounts

OAuth security gaps at Grammarly (now remediated)

Oct 24, 2023 By Salt Security In Salt Security

This short video explains how Salt Labs researchers identified several critical security flaws on the popular site - Grammarly. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user. All issues were reported to Grammarly and have been resolved with no evidence of these flaws being actively exploited in the wild. In the research, they also found similar vulnerabilities in Vidio.com and Bukalapak.com.

View Video

Salt Security

API
Security

Read more about OAuth security gaps at Grammarly (now remediated)

API Security in Healthcare

Oct 2, 2023 By Salt Security In Salt Security

This short video highlights the "State of API Security for the Healthcare Sector" report and emphasizes the growing importance of APIs for success and the challenges in protecting them.

View Video

Salt Security

API
Security

Read more about API Security in Healthcare

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2023

Oh-Auth - Abusing OAuth to take over millions of accounts

OAuth security gaps at Grammarly (now remediated)

API Security in Healthcare

Monthly Archive

Follow Us