Frans Rosen

Frans Rosen
Frans Rosén is a tech entrepreneur, bug bounty hunter and a Security Advisor at Detectify. He's a frequent blogger at Detectify Labs and a top ranked participant of bug bounty programs.

Talk / Workshop
Bounty Track

Account hijacking chaining abnormal flows in OAuth combined with URL-leaking gadgets

Intentionally triggering abnormal flows in "Sign-in"-functionality using OAuth, combined with various third-party javascript gadgets allows vulnerable scenarios where authorization credentials could leak to an attacker – even without XSS. Frans Rosén, Security Advisor at Detectify goes through different scenarios found in the wild and shows examples and methodologies used to find and exploit these attack chains also affecting some of the larger and more popular bug bounty programs out there.

Subscribe and get our news and updates.