Salt is the first and only vendor in the market to provide this functionality to help mitigate the risk associated with a new class of OAuth threats, Schwake claimed.
In-house AI for mitigation
Vulnerabilities in OAuth systems can leave access tokens or authorization codes susceptible to theft. Attackers can leverage those stolen elements to impersonate legitimate users and gain unauthorized access to sensitive resources and applications, the company said in a press statement.
“The OAuth 2.0 framework is the industry standard protocol for authentication that has been around for years now (I believe since 2012),” Vance said. “There have been numerous vulnerabilities discovered involving OAuth 2.0, but most are a result of a misconfiguration or poor implementation of OAuth 2.0 that resulted in unauthorized access to user data or unauthorized access to an application or system by bypassing authentication completely.”
Salt Security uses the Salt platform’s proprietary AI to power the new OAuth protection offering. “Our unique AI engine allows us to help detect and mitigate OAuth threats to mitigate risk within APIs in a differentiated fashion,” Schwake added.
Salt Security’s OAuth enhancements are great and needed, considering the increased usage of APIs and microservices that utilize OAuth for authentication and how easy it is to not fully implement OAuth securely, Vance added.