Publication: OVERSCAN: OAuth 2.0 Scanner for Missing Parameters
Issued Date
2019-01-01
Resource Type
ISSN
16113349
03029743
Other identifier(s)
2-s2.0-85076990787
Rights
Mahidol University
Rights Holder(s)
SCOPUS
Bibliographic Citation
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol.11928 LNCS, (2019), 221-233
Suggested Citation
Karin Sumongkayothin, Pakpoom Rachtrachoo, Arnuphap Yupuech, Kasidit Siriporn. OVERSCAN: OAuth 2.0 Scanner for Missing Parameters. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol.11928 LNCS, (2019), 221-233. doi:10.1007/978-3-030-36938-5_13 Retrieved from: https://repository.li.mahidol.ac.th/handle/20.500.14594/50669
Abstract
© 2019, Springer Nature Switzerland AG. Websites are developed rapidly and widely used by people around the world. The main reason is the increase in the immense number of internet users, which makes security control over access to sensitive information necessary. The authorization server is one security aspect that controls access permission to the system. Many authentication protocols have been proposed to meet these functional requirements. The open-standard authorization (OAuth) protocol is one of the well-known and widely used solutions. However, many developers still misuse this protocol, which can cause security breaches. This paper proposes a tool named OVERSCAN, an OAuth 2.0 scanner for misused or missing parameters. Experiments using OVERSCAN were conducted on 45 samples supporting the OAuth 2.0 protocol. The results show that 84.4% of the samples lack significant parameters, which can cause security problems.