OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update: Authentication_Cheat_Sheet #1518

Open chessmadridista opened 4 hours ago

chessmadridista commented 4 hours ago

What is missing or needs to be updated?

The recommendation is to use and implement OAuth 1.0a or OAuth 2.0 since the very first version (OAuth1.0) has been found to be vulnerable to session fixation.

"implement OAuth 1.0a or OAuth 2.0" does not match the later part of the sentence. Here is the link.

How should this be resolved?

It should be "implement OAuth 2.0" instead of "implement OAuth 1.0a or OAuth 2.0".
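For readers unfamiliar with the weakness the sentence refers to, the following is an added example (not from the OWASP cheat sheet and not from this thread) that simulates the provider side of the token exchange. It shows why the original OAuth 1.0 flow allows session fixation, where an attacker's own request token, once authorized by a tricked victim, can be exchanged for an access token bound to the victim, and how OAuth 1.0a's oauth_verifier, delivered only through the authorizing user's browser, blocks that exchange. The Provider class, its method names and the flow are simplified assumptions for illustration; no real OAuth library is used.

```python
"""Added example (not OWASP's or this thread's code): a toy OAuth provider
showing the OAuth 1.0 session-fixation weakness and the OAuth 1.0a fix.
Class and method names are illustrative assumptions, not a real API."""
import secrets


class Provider:
    """Simplified OAuth 1.0 / 1.0a service provider (assumed model)."""

    def __init__(self, enforce_verifier: bool):
        # False = OAuth 1.0 behaviour, True = OAuth 1.0a behaviour
        self.enforce_verifier = enforce_verifier
        # request token -> {"authorized_by": user or None, "verifier": str or None}
        self.request_tokens = {}

    def issue_request_token(self) -> str:
        """Step 1: the consumer obtains an unauthorized request token."""
        token = secrets.token_hex(8)
        self.request_tokens[token] = {"authorized_by": None, "verifier": None}
        return token

    def authorize(self, token: str, user: str):
        """Step 2: the resource owner approves the request token in a browser.
        In 1.0a the provider mints an oauth_verifier that is returned to the
        consumer only via that user's browser redirect; in 1.0 there is none."""
        rec = self.request_tokens[token]
        rec["authorized_by"] = user
        if self.enforce_verifier:
            rec["verifier"] = secrets.token_hex(8)
        return rec["verifier"]

    def exchange(self, token: str, verifier=None):
        """Step 3: swap an authorized request token for an access token.
        1.0a additionally requires the verifier bound to this token."""
        rec = self.request_tokens.get(token)
        if rec is None or rec["authorized_by"] is None:
            return None
        if self.enforce_verifier:
            if verifier is None or not secrets.compare_digest(verifier, rec["verifier"]):
                return None
        # Request tokens are single use: consume it on success.
        self.request_tokens.pop(token)
        return {"access_token": secrets.token_hex(8), "user": rec["authorized_by"]}


def session_fixation_attempt(enforce_verifier: bool) -> bool:
    """Attacker starts a flow, tricks the victim into authorizing the
    attacker's request token, then tries to complete the exchange without
    ever having seen the verifier. Returns True if the attacker ends up with
    an access token for the victim's account."""
    provider = Provider(enforce_verifier)
    attacker_rt = provider.issue_request_token()       # attacker initiates
    provider.authorize(attacker_rt, "victim")          # victim approves it
    result = provider.exchange(attacker_rt)            # attacker has no verifier
    return result is not None and result["user"] == "victim"


def legitimate_flow(enforce_verifier: bool) -> bool:
    """The honest consumer completes the same flow for its own user,
    passing along whatever verifier the user's browser delivered."""
    provider = Provider(enforce_verifier)
    rt = provider.issue_request_token()
    verifier = provider.authorize(rt, "alice")
    result = provider.exchange(rt, verifier)
    return result is not None and result["user"] == "alice"


if __name__ == "__main__":
    print("OAuth 1.0  fixation succeeds:", session_fixation_attempt(False))
    print("OAuth 1.0a fixation succeeds:", session_fixation_attempt(True))
    print("OAuth 1.0a legitimate flow ok:", legitimate_flow(True))
```

The point the simulation makes is that the request token alone never proved who authorized it; OAuth 1.0a binds the exchange to a secret the attacker is not on the path to receive, which is why the cheat sheet treats 1.0a (and 2.0) as acceptable but plain 1.0 as not.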

chessmadridista commented 4 hours ago

May I take up this issue?

jmanico commented 4 hours ago

I agree 100% and am looking forward to your PR! Might even want to suggest 2.0 or 2.1 or mention https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics

chessmadridista commented 3 hours ago

Hi @jmanico!

Sure, I will mention that as a link to the term OAuth 2.0.