all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Cross-Tenant Request Forgery Attack in Multi-Tenancy Environments - Albert Yu & Alan Bishop

Add to bookmarks
Nov. 20, 2023, 10:23 p.m. | OWASP Foundation

OWASP Foundation www.youtube.com

Unveiling the Cross-Tenant Request Forgery Attack in Multi-Tenancy Environments

Description
To build a SaaS application platform, most platform owners rely on integrations with more popular ecosystems such as Microsoft Azure, Google Workspace, Okta, Github, Atlassian Jira, etc. The industry has moved towards open standards like OAuth for access delegation, but there are several flavors (e.g. 3LO, 2LO, SPA) of OAuth and each flavor works in different scenarios. Some API access mandates a particular flavor of OAuth.

What's adding to the …

alan application atlassian attack azure build ecosystems environments etc forgery github google google workspace industry integrations jira microsoft microsoft azure multi-tenancy oauth okta open standards platform popular request saas saas application standards workspace

Visit resource

More from www.youtube.com / OWASP Foundation

OWASP 2024 Global AppSec Lisbon -- Promo 5 days, 10 hours ago | www.youtube.com
foundation managed owasp
Security for Citizen Developers: Low-Code/No-Code Cybersecurity Threats 1 week, 4 days ago | www.youtube.com
foundation managed owasp
Meet OWASP Top 10 for LLM Apps at RSA! 1 month, 1 week ago | www.youtube.com
apps calling conference foundation +14
AI and API Security Panel 1 month, 1 week ago | www.youtube.com
api apis apisec api security +31
OWASP Spot 2 months ago | www.youtube.com
foundation managed owasp
The State of Secure DevOps - Security enables Velocity 3 months ago | www.youtube.com
accelerate can challenge change +17
OpenCRE.org - Universal Translator for Security 3 months ago | www.youtube.com
authors business business risk code +19
Level Up Your Security Champions (and Your Program) 3 months ago | www.youtube.com
application application security build current +12
How to Avoid Potholes When Scaling Your Application Security Program 3 months ago | www.youtube.com
application application security build companies +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France
View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom
View on infosec-jobs.com