OAuth 2.0 Pentest Checklist

Here's a list of things to keep in mind when testing an implementation as part of an OAuth 2.0 penetration testing engagement.

Syn Cubes Team - May 25, 2021

Word Ahead

This is a visual alternative to the IETF OAuth 2.0 Security Best Current Practice publication, combined with knowledge from various other public resources we found useful.

We use this checklist as part of our testing routine for OAuth 2.0 implementations.


Other Security Considerations

Client App Security

Resource Servers

OAuth 2.0 Penetration Testing mindmap - high quality image (download)

OAuth 2.0 pentest checklist mindmap - CherryTree version (download)

Acknowledgements | References | Resources
