Tag: API security

OAuth 2.0 Implementation Mistakes: Security Guide for Developers
OAuth 2.0 Doesn’t Work How You Think: Real Mistakes That Get Apps Hacked

In 2022, a fintech startup lost access to 300,000 user accounts after an attacker exploited a misconfigured OAuth redirect URI. The vulnerability wasn’t exotic — it was a textbook OAuth 2.0 implementation mistake that the security community had documented years earlier. The…
