OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication – Aaron Parecki – ASW #289
OAuth 2.0 is more than just a single spec, and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always interoperable.
Aaron Parecki is Director of Identity Standards at Okta with over 20 years of experience in the industry. He is active in multiple standards development organizations (SDOs), including IETF, OpenID Foundation, and W3C. He is an editor of OAuth 2.1 along with several other OAuth specifications, and co-chairs the SCIM working group at IETF and the IPSIE working group at the OpenID Foundation. He has taught the fundamentals of OAuth and online security to thousands of developers worldwide through his book OAuth 2.0 Simplified as well as video courses and live online trainings.
Shared Responsibility Models, AI in Offensive Security, Apple’s Private Cloud Compute – ASW #289
Thoughts on shared responsibility models after the Snowflake credential attacks, looking at AI's current and future role in offensive security, secure by design lessons from Apple's Private Cloud Compute, and more!
Mike Shema
- No Snow, No Flakes: Pondering Cloud Security Shared Responsibility, Again! | by Anton Chuvakin
- Using AI for Offensive Security | CSA
- Challenges in Red Teaming AI Systems | Anthropic
- Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
- Private Cloud Compute: A new frontier for AI privacy in the cloud – Apple Security Research
- ThinkstScapes Research Roundup – Q1 – 2024
Here's the PDF.









