Slack Plugs ‘Severe’ SAML User Authentication Hole

Cloud-based communications platform Slack finished patching a severe security hole Thursday affecting portions of its platform that used Security Assertion Markup Language for user authentication.

JSON Libraries Patched Against Invalid Curve Crypto Attack

JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key.

PayPal Fixes OAuth Token Leaking Vulnerability

PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. The vulnerability was publicly disclosed on Monday by Antonio Sanso, a senior software engineer at Adobe, after he came across the issue while testing his own OAuth client. For its part, PayPal remedied the vulnerability about […]