@herbert77

@PhilippeDeRyck thank you for publishing the slides!
I noticed that NDC Security 2025 talks are on YouTube, but this talk appears to be missing.
Will it be published later or was it not recorded?
thank you for all your work on OAuth Security and your great talks!

@ahus1

a remark about your talk:
"Using DPoP to use access tokens securely in your Single Page Applications"
https://fosdem.org/2025/schedule/event/fosdem-2025-5370-using-dpop-to-use-access-tokens-securely-in-your-single-page-applications/

in this presentation https://www.youtube.com/watch?v=OpFN6gmct8c&t=1723s @PhilippeDeRyck explains that DPoP cannot mitigate the problem that an attacker in the position to execute JavaScript (XSS) can get their own access token regardless of how well protected the DPoP keys are, because the attacker can use their own DPoP keys to get new access tokens.

Would you disagree?
