Tag: OAuth

News | mTLS | Risk Applicable: SaaS | Enterprise | Community Edition Salesloft Breach and how PKI eliminates the risk of OAuth token hijacking   Introduction Certificates, specifically mTLS (Mutual TLS) certificates, are a powerful mechanism to address OAuth token theft. They don’t prevent the token from being stolen itself, but they severely limit its usefulness to an attacker, effectively neutralizing the threat. The core idea is to bind the OAuth token to a specific client using a cryptographic key pair, making the stolen token unusable on any other client. Here’s a breakdown of...