TRACK 11 – OWASP
Application Security
WHERE?
Lillehammer Kino Sal 2
WHEN?
Tuesday, 09:00 - 09:30
Language
English
Frans Rosén, Security Advisor, Detectify
ABOUT THE PRESENTATION
Intentionally triggering abnormal flows in "Sign-in" functionality using OAuth, combined with various third-party JavaScript gadgets, allows vulnerable scenarios where authorization credentials could leak to an attacker – even without XSS. Frans Rosén, Security Advisor at Detectify, goes through different scenarios found in the wild and shows examples and methodologies used to find and exploit these attack chains, which also affect some of the larger and more popular bug bounty programs out there.
ABOUT THE PRESENTER
Frans Rosén is a tech entrepreneur, bug bounty hunter and a Security Advisor at Detectify. He's a frequent blogger at Detectify Labs and a top-ranked participant in bug bounty programs.