OAuth 2.0 Threat Model Pentesting Checklist
The following is a checklist we found useful during OAuth 2.0 penetration testing engagements.
May 25, 2021
- Oauth2
- Pentest Checklist

WORD AHEAD
This is a simplified visual alternative to the IETF OAuth 2.0 Security Best Current Practice publication (draft-ietf-oauth-security-topics), combined with various other public resources we found useful.
Overall, we use this checklist as part of our engagements when testing OAuth 2.0 implementations.
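As an added example that is not part of the original post or its mindmap, the script below turns a handful of the BCP's authorization-request requirements into automated checks that can be run against captured authorization URLs during an engagement: exact-string matching of redirect_uri against the registered set, presence of state, PKCE with the S256 method, and no implicit grant. The registered redirect URI table, the client_id and the two request URLs are constructed sample data, not values from any real authorization server.

```python
"""Static checks on OAuth 2.0 authorization requests.

The rules are taken from draft-ietf-oauth-security-topics (OAuth 2.0
Security BCP): exact redirect URI matching, PKCE with S256, a CSRF
token in `state`, and avoidance of the implicit grant.  All sample
data below is constructed for this example.
"""
from urllib.parse import parse_qs, urlsplit

# Constructed registration data for a hypothetical client.  A real
# test would pull this from the authorization server's client registry.
REGISTERED_REDIRECT_URIS = {
    "client-123": ["https://app.example.com/callback"],
}


def redirect_uri_allowed(client_id: str, redirect_uri: str) -> bool:
    """BCP rule: redirect URIs are compared by exact string match.

    Prefix, wildcard or pattern matching is what turns an open redirect
    or path traversal on the client into authorization code leakage.
    """
    return redirect_uri in REGISTERED_REDIRECT_URIS.get(client_id, [])


def check_authorization_request(url: str) -> list[str]:
    """Return a list of findings (empty means no issue) for one request URL."""
    parts = urlsplit(url)
    # keep_blank_values so that an empty `state=` is seen as present-but-empty
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    findings = []

    client_id = params.get("client_id", "")
    response_type = params.get("response_type", "")

    if parts.scheme != "https":
        findings.append("authorization endpoint is not served over https")

    # response_type is space-separated, e.g. "code id_token" (OK) vs "token"
    if "token" in response_type.split():
        findings.append(
            "implicit grant requested (response_type contains 'token'): "
            "access token is returned in the URL fragment; use code + PKCE"
        )

    if "redirect_uri" not in params:
        findings.append(
            "redirect_uri missing: the server must fall back to a single "
            "registered URI or reject the request"
        )
    elif not redirect_uri_allowed(client_id, params["redirect_uri"]):
        findings.append(
            f"redirect_uri {params['redirect_uri']!r} is not an exact match "
            "of a registered URI"
        )

    if not params.get("state"):
        findings.append("state missing or empty: CSRF on the redirect endpoint")

    if "code_challenge" not in params:
        findings.append(
            "PKCE code_challenge missing: authorization code interception "
            "and code injection are not mitigated"
        )
    elif params.get("code_challenge_method", "plain") != "S256":
        findings.append(
            f"PKCE method {params.get('code_challenge_method', 'plain')!r} "
            "in use; BCP expects S256"
        )

    return findings


# Constructed sample requests: one that follows the BCP, one that does not.
GOOD_REQUEST = (
    "https://as.example.com/authorize?response_type=code&client_id=client-123"
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback&state=abc123"
    "&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
    "&code_challenge_method=S256"
)
BAD_REQUEST = (
    "http://as.example.com/authorize?response_type=token&client_id=client-123"
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback%2F..%2Fevil&state="
)


if __name__ == "__main__":
    for name, url in (("good", GOOD_REQUEST), ("bad", BAD_REQUEST)):
        print(f"[{name}]")
        for finding in check_authorization_request(url) or ["no findings"]:
            print("  -", finding)
```

Feeding the script the authorization URLs captured from a proxy gives a quick triage of the client side of the flow; each finding maps to a checklist item that still has to be confirmed by hand against the authorization server (for example, whether it actually rejects the non-matching redirect_uri rather than just the client never sending one).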
CHECKLIST
Other Security Considerations
Client App Security
Resource Servers
OAUTH 2.0 PENTEST CHECKLIST MINDMAP - HIGH-RESOLUTION IMAGE
Download picture
OAUTH 2.0 PENTEST CHECKLIST MINDMAP - CHERRYTREE IMPORTABLE VERSION
Download file
ACKNOWLEDGEMENTS | REFERENCES | RESOURCES
- OAuth 2.0 Security Best Current Practice (early draft): https://tools.ietf.org/id/draft-lodderstedt-oauth-security-01.html
- OAuth 2.0 Security Best Current Practice (draft 15): https://tools.ietf.org/id/draft-ietf-oauth-security-topics-15.html
- Public OAuth 2.0 reports on HackerOne: https://www.google.com/search?q=oauth2+site%3Ahackerone.com&newwindow=1
- PentesterLab exercises: https://pentesterlab.com/exercises/
- Okta, "A Quick Guide to OAuth 2.0 with Spring Security": https://developer.okta.com/blog/2019/03/12/oauth2-spring-security-guide
- CherryTree (used for the importable mindmap): https://www.giuspen.com/cherrytree/