The offering is available at launch to Salt customers through the Salt Security API protection platform.
Increase in OAuth attacks
Threat actors have widely targeted the OAuth authorization framework because its controls are incompletely understood and its configuration is poorly enforced.
“Since there are numerous ways that the OAuth process can be implemented, it’s easy to not properly or fully configure OAuth when initially implementing it,” said David Vance, senior analyst at ESG Global. “Moreover, the OAuth specification is relatively vague and flexible by design, so it’s easy to configure OAuth to ‘just work’, but not be implemented in a fully secure manner. As a result, the most common exploits involve attackers taking advantage of these OAuth misconfigurations and poor implementations, especially during the OAuth flow (aka authentication process) that leads to unauthorized access to user data or systems.”