#backend #frontend #mobile

Hacking the native clients OAuth 2.0 - is this system safe?

Let's try to hack the authentication of the native clients using OAuth 2.0. OAuth has become the industry's go-to authentication mechanism, with a multitude of users seamlessly logging into apps with well-known platforms like Google or Twitter. Join us as we explore the limitations of standard OAuth flows for native clients, which allow attackers to get access to private data. We will play the attack vectors, try to mitigate such attacks using the PKCE (Proof Key for Code Exchange) extension, and question its future.

Key Takeaways:
  1. Discover the limitations of standard OAuth 2.0 flows for native clients and the associated risks and attack vectors.
  2. Gain insights into how PKCE extension addresses these challenges head-on, fortifying your applications against private resources' leaks.
  3. This talk will cover various mitigation strategies, best practices, and recommendations.
  • Difficulty Any level
  • Speech type Standard 40min

Alina Boshchenko
Software engineer and security champion at JetBrains
I am a software engineer and security champion at JetBrains. My current focuses are high-load systems, more specifically new transaction management concepts for the embedded database, software development on Kotlin/Java, and network security. As a member of the Security Champions team, I ensure the robustness of systems by identifying and fixing security issues.

I am a serial hackathonner and my interests also extend to mentorship, where I guide and support students through workshops and talks, equipping them with the necessary skills and knowledge to excel in their professional journeys.
Participation is necessary
But closed. Sold out already. See you next year.

Speakers / Agenda

The program is full of amazing talks about people, code, trends, and people again. All talks undergo a сareful selection process by our program committee. We don't accept marketing talks and don’t sell slots to sponsors. Only meaningful content, only hardcore.