Started playing around with our new Identity provider at work. It's in PoC form at this stage. Built with the help of the Identity 3.0 templates and ASP.NET Core. Added certificates, enforced HTTPS, added some OAuth support, and added some secure headers. Thanks to Andrew Lock and his article on How to add default security headers in…
This post is more of a note to myself so I can remember the name of this tool and how to configure it. The OWASP Zed Attack Proxy (ZAP) can crawl through a site and test it for the current OWASP Top 10.
In the previous article I showed how to use OAuth to connect to Twitter. At this point all the authentication and authorization has been done and we are busy with the last step to retrieve the Identity information from Twitter specifically.
Last time I looked at OAuth I was simply looking at the steps involved with it; today I am doing a small PoC. I will be using Twitter as my identity provider.