Open Authentication (OAuth) is an open protocol that lets desktop, web and mobile applications perform secure authentication and authorization through simple, standardised methods. It is a delegation protocol: it conveys authorization decisions to web-enabled applications and APIs.
OAuth has many uses; the most familiar is letting users sign in to websites and application servers with an existing social media account instead of creating new credentials.
APIs for popular applications and websites use the OAuth protocol for user verification. This lets the calling software obtain authorized access to critical details of a user account without ever receiving the user's password. More generally, OAuth defines a process by which resource owners authorize third-party access to their resources without explicitly sharing their credentials.
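The delegation described above can be made concrete with a small, constructed model of the OAuth 2.0 authorization code grant. This is an added example, not code from the original page or from any product it describes. It assumes one registered client ("photo-app"), one resource owner ("alice") whose password is known only to the authorization server, two scopes ("read:email", "read:phone") and a token-introspection call between the resource server and the authorization server; all names, secrets and URLs are invented for the example. It shows the checks a tester would expect to find: the client never sees the password, codes are single-use, bound to the client and redirect URI and short-lived, the callback is bound to the client's own state value, and the resource server enforces scope.

```python
import hmac
import secrets
import time

# Constructed in-process model of the OAuth 2.0 authorization code grant.
# Every identifier and secret below is made up for the example.

RESOURCE_OWNER_PASSWORD = "alice-password-never-leaves-the-auth-server"  # constructed


class AuthorizationServer:
    # Authenticates the resource owner, issues single-use codes and bearer tokens.
    def __init__(self):
        # client_id -> (client_secret, registered redirect_uri)
        self.clients = {"photo-app": ("photo-app-secret", "https://photo.example.test/cb")}
        self.codes = {}   # code -> (client_id, redirect_uri, scope, user, expiry)
        self.tokens = {}  # access_token -> (user, scope)

    def authorize(self, client_id, redirect_uri, scope, user, password):
        # The resource owner authenticates here, with the authorization server only.
        registered = self.clients.get(client_id)
        if registered is None or registered[1] != redirect_uri:
            raise ValueError("unknown client or redirect_uri not registered")
        if not hmac.compare_digest(password, RESOURCE_OWNER_PASSWORD):
            raise ValueError("resource owner authentication failed")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, redirect_uri, scope, user, time.time() + 60)
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        registered = self.clients.get(client_id)
        if registered is None or not hmac.compare_digest(registered[0], client_secret):
            raise ValueError("client authentication failed")
        entry = self.codes.pop(code, None)  # pop: a code can be redeemed exactly once
        if entry is None:
            raise ValueError("invalid or already redeemed code")
        code_client, code_uri, scope, user, expiry = entry
        if code_client != client_id or code_uri != redirect_uri or time.time() > expiry:
            raise ValueError("code not bound to this client/redirect_uri, or expired")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = (user, scope)
        return {"access_token": access_token, "token_type": "Bearer", "scope": scope}

    def introspect(self, access_token):
        return self.tokens.get(access_token)


class ResourceServer:
    # Serves user data only to bearer tokens that carry the required scope.
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.profiles = {"alice": {"email": "alice@example.test", "phone": "555-0100"}}

    def _authorize(self, access_token, required_scope):
        info = self.auth_server.introspect(access_token)
        if info is None:
            raise PermissionError("invalid or unknown access token")
        user, scope = info
        if required_scope not in scope.split():
            raise PermissionError(f"token lacks scope {required_scope}")
        return user

    def email(self, access_token):
        return self.profiles[self._authorize(access_token, "read:email")]["email"]

    def phone(self, access_token):
        return self.profiles[self._authorize(access_token, "read:phone")]["phone"]


class Client:
    # The third-party app: never handles the password, binds the callback to its state.
    def __init__(self, auth_server, client_id, client_secret, redirect_uri):
        self.auth_server = auth_server
        self.client_id, self.client_secret, self.redirect_uri = client_id, client_secret, redirect_uri
        self.pending_state = None

    def start(self):
        self.pending_state = secrets.token_urlsafe(16)  # binds the callback to this session
        return self.pending_state

    def callback(self, code, state):
        if self.pending_state is None or not hmac.compare_digest(state, self.pending_state):
            raise ValueError("state mismatch: callback not bound to a flow this client started")
        self.pending_state = None
        return self.auth_server.token(self.client_id, self.client_secret, code, self.redirect_uri)


def run_flow(scope="read:email"):
    # Full delegation; returns (resource_server, token_response, code, client) for inspection.
    auth = AuthorizationServer()
    rs = ResourceServer(auth)
    client = Client(auth, "photo-app", "photo-app-secret", "https://photo.example.test/cb")
    state = client.start()
    # The browser is redirected to the authorization server, where alice consents.
    code = auth.authorize("photo-app", "https://photo.example.test/cb", scope, "alice",
                          RESOURCE_OWNER_PASSWORD)
    # The browser returns to the client's redirect_uri carrying code and state.
    token_response = client.callback(code, state)
    return rs, token_response, code, client
```

Calling `run_flow()` and then `rs.email(token["access_token"])` returns the delegated e-mail address, while `rs.phone(...)` on the same token is refused because the resource owner consented only to "read:email"; redeeming the same code a second time, or delivering a callback with a state value the client did not issue, is rejected by the checks shown.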
A rigorous OAuth / API testing regime is essential for protecting privacy and delivering a secure user experience that keeps all sensitive data confidential.
Services for OAuth/API Testing
- Assessment of OAuth API Authentication Schemes
- OAuth Token Stealing
- XXE Injections
- Permission Checks
- Privilege Escalations