October 24, 2023

OAuth, WebAuthn, & The Impact of Design Choices - Dan Moore - ASW #260

Listen Later

1 hour 18 minutes

We return to discussions of OAuth and all sorts of authentication. This time around we're looking at the design of authentication protocols, the kinds of trade-offs they weigh for adoption and security, and how a standard evolves over time to keep pace with new attacks and put to rest old mistakes.

Segment resources:

https://fusionauth.io/docs/v1/tech/core-concepts/modes
https://webauthn.wtf/
https://datatracker.ietf.org/doc/html/rfc7636
https://www.ietf.org/about/participate/tao/

In the news, appsec lessons from the Okta breach, directory traversal (and appsec) lessons from SolarWinds, how CISOs and Boards rank factors around vulns and patching, revisiting cryptocurrency attacks for lessons in business logic and threat modeling, CISA and friends update guidance on Secure Design, and more!

Visit https://securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/asw-260

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Application Security Weekly (Audio)

By Security Weekly Productions

4.9

1111 ratings

October 24, 2023

OAuth, WebAuthn, & The Impact of Design Choices - Dan Moore - ASW #260

Listen Later

1 hour 18 minutes

We return to discussions of OAuth and all sorts of authentication. This time around we're looking at the design of authentication protocols, the kinds of trade-offs they weigh for adoption and security, and how a standard evolves over time to keep pace with new attacks and put to rest old mistakes.

Segment resources:

https://fusionauth.io/docs/v1/tech/core-concepts/modes
https://webauthn.wtf/
https://datatracker.ietf.org/doc/html/rfc7636
https://www.ietf.org/about/participate/tao/

In the news, appsec lessons from the Okta breach, directory traversal (and appsec) lessons from SolarWinds, how CISOs and Boards rank factors around vulns and patching, revisiting cryptocurrency attacks for lessons in business logic and threat modeling, CISA and friends update guidance on Secure Design, and more!

Visit https://securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/asw-260

...more

More shows like Application Security Weekly (Audio)

Marketplace Tech by Marketplace

Marketplace Tech

1,275 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

1,966 Listeners

Risky Business by Patrick Gray

Risky Business

360 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

628 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,012 Listeners

Enterprise Security Weekly (Audio) by Security Weekly Productions

Enterprise Security Weekly (Audio)

14 Listeners

AWS Podcast by Amazon Web Services

AWS Podcast

201 Listeners

Business Security Weekly (Audio) by Security Weekly Productions

Business Security Weekly (Audio)

3 Listeners

Paul's Security Weekly (Audio) by Security Weekly Productions

Paul's Security Weekly (Audio)

14 Listeners

The Application Security Podcast by Chris Romeo and Robert Hurlbut

The Application Security Podcast

36 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,842 Listeners

Hacking Humans by N2K Networks

Hacking Humans

311 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

78 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

119 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

33 Listeners