OAuth Authorization and Security

We will be meeting at the usual location in Reston, and good food + drinks will be provided as always.

We will have a technical presentation on OAuth, and we will have an open forum on some upcoming changes to the chapter's format that we want feedback on before we move ahead with them. Our goal is to make OWASP NoVa a group that not only spreads education, but produces material for the broader application security community. Please join us and have your say in the way OWASP NoVa runs in the future!

Title: OAuth 1.0 Authorization and Security

Abstract: OAuth 1.0 is an authorization standard based on the idea of a “valet key”. This presentation will provide an overview of the OAuth 1.0 authorization model, how it may fit in the enterprise environment, and some security implications for designers and security analyzers. OAuth 2.0 framework, the proposed standard to replace OAuth 1.0, will also be briefly discussed.

Bio: Ping Ning is a senior consultant at Cigital with 20 years of development and security experiences. He is practicing many software security services for clients, including architecture risk analysis, security architecture and design, secure code review, penetration testing, building security programs, and tools deployment and training.