October 24, 2023

OAuth, WebAuthn, & The Impact of Design Choices - Dan Moore - ASW #260

Listen Later

1 hour 18 minutes

We return to discussions of OAuth and all sorts of authentication. This time around we're looking at the design of authentication protocols, the kinds of trade-offs they weigh for adoption and security, and how a standard evolves over time to keep pace with new attacks and put to rest old mistakes.

Segment resources:

https://fusionauth.io/docs/v1/tech/core-concepts/modes
https://webauthn.wtf/
https://datatracker.ietf.org/doc/html/rfc7636
https://www.ietf.org/about/participate/tao/

In the news, appsec lessons from the Okta breach, directory traversal (and appsec) lessons from SolarWinds, how CISOs and Boards rank factors around vulns and patching, revisiting cryptocurrency attacks for lessons in business logic and threat modeling, CISA and friends update guidance on Secure Design, and more!

Visit https://securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/asw-260

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Security Weekly Podcast Network (Audio)

By Security Weekly Productions

4.4

208208 ratings

October 24, 2023

OAuth, WebAuthn, & The Impact of Design Choices - Dan Moore - ASW #260

Listen Later

1 hour 18 minutes

We return to discussions of OAuth and all sorts of authentication. This time around we're looking at the design of authentication protocols, the kinds of trade-offs they weigh for adoption and security, and how a standard evolves over time to keep pace with new attacks and put to rest old mistakes.

Segment resources:

https://fusionauth.io/docs/v1/tech/core-concepts/modes
https://webauthn.wtf/
https://datatracker.ietf.org/doc/html/rfc7636
https://www.ietf.org/about/participate/tao/

In the news, appsec lessons from the Okta breach, directory traversal (and appsec) lessons from SolarWinds, how CISOs and Boards rank factors around vulns and patching, revisiting cryptocurrency attacks for lessons in business logic and threat modeling, CISA and friends update guidance on Secure Design, and more!

Visit https://securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/asw-260

...more

More shows like Security Weekly Podcast Network (Audio)

Security Now (Audio) by TWiT

Security Now (Audio)

2,005 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

372 Listeners

Risky Business by Patrick Gray

Risky Business

372 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

652 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,025 Listeners

Smashing Security by Graham Cluley

Smashing Security

319 Listeners

Click Here by Recorded Future News

Click Here

419 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,076 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

176 Listeners

Hacking Humans by N2K Networks

Hacking Humans

315 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

187 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

73 Listeners

Cybersecurity Headlines by CISO Series

Cybersecurity Headlines

140 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

44 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

168 Listeners