Salt Security adds defense against OAuth attacks
- by nlqip
Salt is the first and the only vendor in the market to provide this functionality to help mitigate risk associated with a new class of OAuth threats, Schwake claimed.
In-house AI for mitigation
Vulnerabilities in OAuth systems can leave access tokens or authorization codes susceptible to theft. Attackers can leverage those stolen elements to impersonate legitimate users and gain unauthorized access to sensitive resources and applications, the company said in a press statement.
“The OAuth 2.0 framework is the industry standard protocol for authentication that has been around for years now (I believe since 2012),” Vance said. “There have been numerous vulnerabilities discovered involving OAuth 2.0, but most are a result of a misconfiguration or poor implementation of OAuth 2.0 that resulted in unauthorized access to user data or unauthorized access to an application or system by bypassing authentication completely.”
Salt Security uses the Salt platform’s proprietary AI to power the new OAuth protection offering. “Our unique AI engine allows us to help detect and mitigate OAuth threats to mitigate risk within APIs in a differentiated fashion,” Schwake added.
Salt Security’s OAuth enhancements are great and needed, considering the increased usage of APIs and microservices that utilize OAuth for authentication and how easy it is to not fully implement OAuth securely, Vance added.