Slides from a talk I gave at IBWAS'10 in Lisbon, Portugal.
Is the OAuth protocol really secure? Even though the OAuth authorization protocol has been published as the RFC 5849 and is being widely adopted by large Internet companies, it's important to stress out its possible security vulnerabilities.
This talk will focus on the OWASP Top 10 Application Security Risks and how OAuth is affected by them.
While some of the security risks are mitigated by OAuth, developers need to take some action to prevent other risks from affecting their implementations.