all InfoSec news
Browserless Entra Device Code Flow
March 6, 2024, 3:17 p.m. | Andy Robbins
Security Boulevard securityboulevard.com
Did you know that it is possible to perform every step in Entra’s OAuth 2.0 Device Code flow — including the user authentication steps — without a browser?
Why that matters:
- Automating authentication flows enables and accelerates comprehensive and ongoing offensive research
- Headless authentication frees red teamers and pentesters from requiring browser or cookie access
- Demonstrating and explaining the automated flow enables future research and tooling by other parties, including automation of other …
authentication azure browser cloud computing cloud security code cybersecurity device entra flow germany headless information technology microsoft oauth oauth 2.0 offensive photo research sbn news
More from securityboulevard.com / Security Boulevard
Understanding Cybersecurity Vulnerabilities
1 day, 12 hours ago |
securityboulevard.com
Open-Source Software Security
1 day, 14 hours ago |
securityboulevard.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Associate Compliance Advisor
@ SAP | Budapest, HU, 1031
DevSecOps Engineer
@ Qube Research & Technologies | London
Software Engineer, Security
@ Render | San Francisco, CA or Remote (USA & Canada)
Associate Consultant
@ Control Risks | Frankfurt, Hessen, Germany
Senior Security Engineer
@ Activision Blizzard | Work from Home - CA