Description:

Security professionals and developers are more and more frequently turning to the delegation framework OAuth. But what is it exactly? OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication or session management or as an access control in your applications. Even more confusing, OAuth is not a standard; various service providers will likely have different implementations. Jim Manico offers an overview of OAuth, explaining where it fits in and how to use it in a secure fashion.

About Jim Manico

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.