OVERSCAN: OAuth 2.0 Scanner for Missing Parameters

Abstract

Websites are developed rapidly and widely used by people around the world. The main reason is the immense growth in the number of internet users, which makes security control over access to sensitive information necessary. The authorization server is one security component that controls access permission to the system. Many authentication protocols have been proposed to meet these functional requirements. The open-standard authorization (OAuth) protocol is one of the well-known, widely used solutions. However, many developers still misuse this protocol, which can cause security breaches. This paper proposes a tool named OVERSCAN, an OAuth 2.0 scanner for misused or missing parameters. Experiments using OVERSCAN were conducted over 45 samples supporting the OAuth 2.0 protocol. The results show that 84.4% of samples lack significant parameters, which can cause security problems.

Cite

Sumongkayothin, K., Rachtrachoo, P., Yupuech, A., & Siriporn, K. (2019). OVERSCAN: OAuth 2.0 Scanner for Missing Parameters. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11928 LNCS, pp. 221–233). Springer. https://doi.org/10.1007/978-3-030-36938-5_13
