Security Intermediate

What is OAuth 2.0?

An authorization framework that allows third-party applications to access user resources without sharing passwords.

OAuth 2.0 enables delegated authorization. Instead of sharing credentials, users authorize applications to access specific resources. The framework defines roles: resource owner (user), client (app), authorization server, and resource server.

Grant types include Authorization Code (web apps), Client Credentials (service-to-service), and Device Code (smart TVs). OAuth 2.0 is used by Google, Facebook, GitHub, and most major platforms for third-party access.
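The four roles and the Authorization Code grant described above, as an added in-memory sketch (not code from this page or from any real provider). The client name, secret, redirect URI, scope strings and class names are all constructed for illustration.

```python
import secrets, time

# Constructed stand-ins for the roles; every name and value here is hypothetical.
class AuthorizationServer:
    def __init__(self):
        self.clients = {"photo-printer": {"secret": "s3cr3t",
                                          "redirect_uri": "https://printer.example/cb"}}
        self.codes, self.tokens = {}, {}

    def authorize(self, user, client_id, redirect_uri, scope, consent):
        """Resource owner approves (or denies) a specific scope for one client."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        if not consent:
            raise PermissionError("access_denied")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, user, scope, time.time() + 60)
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        """Client swaps the code for a token; it never sees the user's password."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("invalid_client")
        grant = self.codes.pop(code, None)  # pop: a code is single-use
        if grant is None or grant[:2] != (client_id, redirect_uri) or grant[4] < time.time():
            raise PermissionError("invalid_grant")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = {"user": grant[2], "scope": set(grant[3].split())}
        return access_token

class ResourceServer:
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.photos = {"alice": ["beach.jpg"]}

    def get(self, access_token, required_scope):
        """Serve data only if the token carries the scope the owner granted."""
        info = self.auth_server.tokens.get(access_token)
        if info is None or required_scope not in info["scope"]:
            raise PermissionError("insufficient_scope")
        return self.photos[info["user"]]

def run_flow():
    auth = AuthorizationServer()
    api = ResourceServer(auth)
    cb = "https://printer.example/cb"
    code = auth.authorize("alice", "photo-printer", cb, "photos.read", consent=True)
    return auth, api, code, auth.token("photo-printer", "s3cr3t", code, cb)
```

The token grants only the scope the user approved, and the authorization code cannot be redeemed a second time.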

Related Terms

Security Audit
A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.
DDoS (Distributed Denial of Service)
An attack that floods a target server or network with traffic from multiple sources to overwhelm it and deny service to legitimate users.
Man-in-the-Middle Attack
An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.