What is OAuth, real-world examples and various OAuth attacks

OAuth is everywhere—from signing into your favorite apps using Google or GitHub to enabling secure access between APIs. But while OAuth is incredibly powerful, it’s also one of the most misunderstood and misconfigured components in modern applications. And that’s exactly why knowing its fundamentals isn't optional—it's critical. Misconfigurations in OAuth can open doors to serious vulnerabilities such as account takeover, token leakage,…


How Servers Handle CSRF Tokens: Generation, Validation, and Best Practices

Welcome to Part 2 of the CSRF series! While spotting CSRF vulnerabilities during testing or bug bounties is often straightforward, have you ever paused to think about what really happens behind the scenes when implementing mitigations? In Part 1, we explored the fundamentals of Cross-Site Request Forgery (CSRF), why it's dangerous, and how browsers now defend against it using mechanisms like SameSite cookies…
