Abstract
OAuth is used by many FinTech applications for authorization, and there are many implementations of the OAuth protocol. Some of these implementations do not implement the OAuth specifications correctly. This creates critical vulnerabilities in FinTech applications, which in turn has a negative impact on FinTech companies. In this paper, we have analyzed 18 authorization servers that are used by FinTech applications. We have selected and analyzed resource servers (more than 100 applications) that use these OAuth servers to find their vulnerabilities. We have found some vulnerabilities in the flow of the OAuth implementations. We propose a framework to reduce implementation vulnerabilities in the flow. Our analysis results show that the proposed framework will help developers reduce the most common vulnerabilities in the OAuth flow.
Original language | English |
---|---|
Title of host publication | UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 536-541 |
Number of pages | 6 |
ISBN (Electronic) | 9781728139647 |
Publication status | Published - Sept 2019 |
Event | 4th International Conference on Computer Science and Engineering, UBMK 2019 - Samsun, Turkey; Duration: 11 Sept 2019 → 15 Sept 2019 |
Publication series
Name | UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering |
---|
Conference
Conference | 4th International Conference on Computer Science and Engineering, UBMK 2019 |
---|---|
Country/Territory | Turkey |
City | Samsun |
Period | 11/09/19 → 15/09/19 |
Bibliographical note
Publisher Copyright: © 2019 IEEE.
Funding
This work is supported by Istanbul Technical University under the BAP project, number MAB-2017-40642.
Funders | Funder number |
---|---|
Istanbul Teknik Üniversitesi | MAB-2017-40642 |
Keywords
- Authorization
- FinTech
- OAuth
- Security
- Vulnerability