undefined | Better HN

story

0 pointsthdhhghgbhy9mo ago0 comments

I did, and xss and session sniffing listed on the OWASP web page, would be prevented by following OAuth flows. So that just leaves mitm, which as I said, is effectively breaking https.

0 comments

motorest9mo ago

> I did, and xss and session sniffing listed on the OWASP web page, would be prevented by following OAuth flows.

OWASP's page lists 3 more examples which it seems you omitted for some reason.

j / k navigate · click thread line to collapse

0 comments

motorest9mo ago

> I did, and xss and session sniffing listed on the OWASP web page, would be prevented by following OAuth flows.

OWASP's page lists 3 more examples which it seems you omitted for some reason.

j / k navigate · click thread line to collapse