Don Bowman / Page 2

Don Bowman

OAuth 2.0 Client Threats

OAuth 2.0 and the client. Use Defense In Depth. Secure the client, and then assume it can still be compromised. Zero Trust.

OAuth 2.0 Threat Model and Security Considerations

OAuth 2.0 has simplified authentication and authorisation for many applications, shifting from custom code to simple library import. However, as more applications come to rely on it, this makes its weaknesses more interesting. An attacker can gain access to a broader set of data via a smaller set of tactics and techniques. First lets understand the threat areas, and then, the best current practices for addressing them.

Reject The Status Quo: Zero Trust Status Future

The myth of the VPN, the Firewall as the only and best method of remote access has lived for 20 years. Let’s retire it together.
I discuss the myth, and, an outbound-only, no firewall reconfiguration method, no client method of achieving your goals of happier productive users accessing their data and applications.