Salt Security adds defense against OAuth attacks
- by nlqip
Salt is the first and the only vendor in the market to provide this functionality to help mitigate risk associated with a new class of OAuth threats, Schwake claimed.
In-house AI for mitigation
Vulnerabilities in OAuth systems can leave access tokens or authorization codes susceptible to theft. Attackers can leverage those stolen elements to impersonate legitimate users and gain unauthorized access to sensitive resources and applications, the company said in a press statement.
“The OAuth 2.0 framework is the industry standard protocol for authentication that has been around for years now (I believe since 2012),” Vance said. “There have been numerous vulnerabilities discovered involving OAuth 2.0, but most are a result of a misconfiguration or poor implementation of OAuth 2.0 that resulted in unauthorized access to user data or unauthorized access to an application or system by bypassing authentication completely.”
Salt Security uses the Salt platform’s proprietary AI to power the new OAuth protection offering. “Our unique AI engine allows us to help detect and mitigate OAuth threats to mitigate risk within APIs in a differentiated fashion,” Schwake added.
Salt Security’s OAuth enhancements are great and needed, considering the increased usage of APIs and microservices that utilize OAuth for authentication and how easy it is to not fully implement OAuth securely, Vance added.