Oauth2.0 Pentest Checklist

Here's a list of things to keep in mind when checking out part of an OAuth 2.0 Penetration Testing engagement.

Syn Cubes Team - May 25, 2021
Oauth2.0 Pentest Checklist | SYN CUBES

Word Ahead


This is a visual alternative to the IETF OAuth 2.0 Security Best Current Practice publication, combined with knowledge from various other public resources we found useful.

We are using this checklist as part of our testing routine for Oauth2 implementations.

Checklist















Other Security Considerations



Client App Security



Resource Servers




OAUTH2.0 Penetration Testing - High Quality Image


[*] Download picture

OAUTH2.0 Pentest check list mindmap - CherryTree Version


[*] Download file

Aknowledgements | References | Resources




Say goodbye to pentesting fluff and hello to real results.