Products
Technology for your digital platform that you can run yourself, in a private cloud, or as SaaS.
API Management
Integration
Identity & Access Management
Your Digital Platform, as a Service
Platform
- Your internal developer platform as a service to quickly deliver applications.
Solutions
By Technology
- API Management
  Solutions to deliver your APIs in any environment.
- Integration
  Break down data silos, streamline workflows, and unlock insights.
- Identity & Access Management
  Create secure, unique, and compelling digital experiences with ease.
  
  Customer IAM
  
  For Consumers (B2C)
  
  For B2B Applications (B2B CIAM)
  
  For Citizens (G2C)
  
  Workforce IAM
  
  API Access Management
By Industry
- Healthcare
  Provide awesome digital experiences for payers, providers, and patients.
- Finance
  Deliver secure financial experiences at speed.
- Government
  Deliver secure and simplified digital services for governments and citizens.
Featured Blog
- Implementing an Event-Driven GraphQL BFF with Real-Time Notifications
  Read Blog
Resources
- Training and Certification
- Events
Featured Whitepaper
- Transactions in a Microservice World
  Read Whitepaper
Support
- Subscription
  Learn About the Benefits of a WSO2 Subscription for Commercial Use.
- Updates
  Maintain the health and security of your solution.
- Consulting Services
  A full range of services to help you get the most out of your WSO2 project.
Featured Blog
- Self Manage Your WSO2 Support Portal Users
  Read Blog
Company
- About WSO2
  Learn about who we are and our journey.
- Team
  The people behind our innovative technologies.
- Customers
  See how we’ve helped leading enterprises from around the world.
- Careers
  Discover how you can make an impact.
- Partners
  Learn about the benefits of partnering with us.
- News
  The latest updates and insights.
Customer Spotlight
- YOMA x WSO2: Building Better Banking Relationships
  Read Case Study
Community
Contact Us
EN
- French
- German
- Portuguese
- Spanish
Profile

23 Jun, 2017

[Blog Post] OAuth 2.0 Threat Landscapes

Prabath Siriwardena
Senior Director - Security Architecture - WSO2

Not long ago — early one day in May, I got an email from a good friend of mine, which I didn't resist to open and check out what it was. He had shared a Google doc — and once I clicked on the link a suspicious screen appeared, asking me permission to read, delete, send and manage my emails. Why on the earth would ‘Google Docs’ ask permissions to access my emails? I really didn’t bother to see whether it’s the real Google Docs — or fake, but I didn’t proceed any further. It’s not true for all of us — on 3rd May, 2017, many people didn’t bother giving the fake ‘Google Docs’ app the permissions to access their emails. It was a phishing attack...

To read the rest of Prabath's blog on OAuth 2.0 thread landscapes click here.

About Author

Prabath Siriwardena
Senior Director - Security Architecture
WSO2