
Latest news with #Outpost24

Outpost24 identifies key OAuth risks & best practice solutions

Techday NZ

3 days ago

An analysis by Outpost24 has examined seven of the most common vulnerabilities present in OAuth implementations and outlined recommended measures organisations can take to mitigate these risks. OAuth, short for Open Authorization, is a widely used industry protocol that allows users to grant access to their data on one site to another site, without sharing their credentials directly. This delegation of authority involves issuing tokens that provide time-limited and scoped permissions to client applications on behalf of users.

Underlying complexity

Although OAuth helps reduce direct exposure of user credentials and supports fine-grained access control, its broad flexibility also creates significant opportunities for errors during implementation. The protocol's reliance on strict validation of parameters, endpoints and tokens, as well as correct management of application state, means that mistakes or oversights can introduce vulnerabilities that attackers can exploit.

Outpost24's analysis notes that OAuth is not inherently weak, but that its "power (delegated, token-based access) relies on numerous checks and balances. However, OAuth vulnerabilities often arise when developers or architects skip steps, like byte-for-byte URI validation, state verification, or signature checks on ID tokens. These oversights create exploitable gaps that attackers can target. So, OAuth itself isn't inherently 'weak'—but its flexibility and the proliferation of optional parameters and flows make it easy to misconfigure in ways that lead to real-world vulnerabilities."

Common vulnerabilities

The analysis identifies seven main areas where OAuth vulnerabilities commonly occur:

1. Open redirect and redirect URI manipulation: If the system does not strictly validate redirect URIs, attackers can manipulate authorisation flows to direct tokens or codes to endpoints they control, resulting in unauthorised access to user data.
2. Missing or weak Cross-Site Request Forgery (CSRF)/state protections: Failing to include a robust state parameter tied to each user's session enables attackers to trick users into completing authorisation requests that generate tokens for attacker-controlled clients.
3. Implicit flow and lack of Proof Key for Code Exchange (PKCE): The use of implicit flow, where access tokens are delivered directly via the browser, exposes tokens to interception. Without PKCE, even the more secure code flow can be susceptible if an attacker can access intermediate codes.
4. Inadequate scope validation and overly broad permissions: Applications may request excessive permissions, which can lead to abuse if an attacker acquires the access token. Users can be misled into granting high-privilege access.
5. Token leakage via insecure storage or transport: Storing tokens in browser storage areas accessible to client-side scripts, or transmitting them over insecure channels, can lead to theft through network compromise or browser vulnerabilities.
6. Missing or ineffective token revocation: Without appropriate means to revoke tokens, attackers or malicious clients may retain access indefinitely, even after a user believes they have rescinded authorisation.
7. Homegrown or outdated OAuth implementations: Custom or obsolete libraries may omit essential security checks, such as validating signature fields or all necessary request parameters, making exploitation feasible through replay or impersonation attacks.

Mitigation strategies

The analysis offers concrete recommendations to address each identified risk. For redirect URI threats, strict, exact matching of registered URIs is advised, along with enforcement of HTTPS. To defend against CSRF threats, the report urges clients to "generate a cryptographically random state value, store it in the user's session, and include it in the request. Strictly validate state on callback," and to make use of SameSite cookie attributes.

The deprecation of the implicit flow and the universal adoption of PKCE are recommended for public clients. The analysis recommends the "use of authorization code flow + PKCE for all public clients", which helps bind token requests to verified identifiers, limiting misuse.

Limiting scope requests to the minimal set required, together with server-side validation of access scope, is the key principle for scope management.

Regarding token storage and transport, the advice is to "use secure, HttpOnly cookies for storing tokens" and to "enforce TLS everywhere… All endpoints (authorization, token, resource) must enforce HTTPS with strong ciphers." Short token lifetimes and refresh token rotation are also recommended to reduce the exposure following a token compromise.

For revocation, the report recommends implementing dedicated endpoints that can invalidate access and refresh tokens in accordance with relevant standards, with continuous verification at the resource server layer to ensure revoked tokens remain unusable.

On the issue of custom or outdated OAuth implementations, the recommendation is to "adopt well-maintained libraries and frameworks" and to "stay current with RFCs and security advisories," underscored by regular code reviews, threat modelling and attention to emerging IETF best practices.

Operational recommendations

To build a resilient OAuth deployment, enforce strict validation of redirect URIs, state parameters, and token signatures; adopt PKCE for all public clients; and adhere to least-privilege scope requests. Ensure secure storage and transmission of tokens (favouring HttpOnly cookies over local storage) and implement token revocation with continuous introspection. Use community-trusted OAuth libraries, keep up with evolving IETF/OAuth 2.1 guidelines, and maintain robust logging/monitoring to catch misuse quickly.

Outpost24's analysis points out that by addressing these common misconfigurations and implementation issues, organisations "significantly reduce the risk of credential theft, unauthorised API access, and large-scale data breaches arising from flawed OAuth integrations."
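The three client-side checks the analysis singles out (byte-for-byte redirect URI matching over HTTPS, a cryptographically random single-use state bound to the user's session, and authorization code flow with PKCE instead of the implicit flow) fit in a few dozen lines. The block below is an added example written for this page, not code from Outpost24 or from any OAuth library; the authorization endpoint, client id, registered redirect URI and the dict standing in for a server-side session are constructed assumptions, and the PKCE S256 transform follows RFC 7636.

```python
"""Authorization-code + PKCE client checks: state, exact redirect URI, S256.

Added example, not Outpost24's code. The endpoint, client id, registered
redirect URI and the dict standing in for a server-side session are
constructed for the example.
"""
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed registration values (a real client registers these with its
# authorization server out of band).
AUTHORIZE_ENDPOINT = "https://as.example/authorize"
CLIENT_ID = "example-client"
REGISTERED_REDIRECT_URI = "https://app.example/callback"


def redirect_uri_is_valid(registered: str, requested: str) -> bool:
    """Byte-for-byte equality plus HTTPS: no prefix, wildcard or
    case-insensitive matching, so an appended path, fragment or
    open-redirect parameter can never pass."""
    return requested == registered and urlsplit(requested).scheme == "https"


def code_challenge_from(code_verifier: str) -> str:
    """S256 transform from RFC 7636: BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def pkce_verify(code_verifier: str, code_challenge: str) -> bool:
    """Token-endpoint side: recompute the challenge from the presented
    verifier and compare in constant time."""
    return hmac.compare_digest(code_challenge_from(code_verifier).encode(),
                               code_challenge.encode())


def build_authorization_request(session: dict, scope: str = "openid profile") -> str:
    """Mint a random state and PKCE verifier, bind both to the user's
    server-side session, and return the URL the browser is sent to."""
    state = secrets.token_urlsafe(32)
    code_verifier = secrets.token_urlsafe(64)   # 86 chars, inside RFC 7636's 43..128
    session["oauth_state"] = state
    session["oauth_code_verifier"] = code_verifier
    params = {
        "response_type": "code",                 # never "token" (implicit flow)
        "client_id": CLIENT_ID,
        "redirect_uri": REGISTERED_REDIRECT_URI,
        "scope": scope,                          # request only what is needed
        "state": state,
        "code_challenge": code_challenge_from(code_verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> dict:
    """Validate the redirect back from the authorization server.

    Raises ValueError on any mismatch. On success returns the code and the
    verifier the client must send to the token endpoint.
    """
    parts = urlsplit(callback_url)
    base = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if not redirect_uri_is_valid(REGISTERED_REDIRECT_URI, base):
        raise ValueError("callback arrived at an unregistered redirect URI")
    query = parse_qs(parts.query)
    expected_state = session.pop("oauth_state", None)      # single use
    presented_state = query.get("state", [""])[0]
    if expected_state is None or not hmac.compare_digest(
        expected_state.encode(), presented_state.encode()
    ):
        session.pop("oauth_code_verifier", None)           # abandon the flow
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    if "code" not in query:
        raise ValueError("authorization server returned no code")
    return {"code": query["code"][0],
            "code_verifier": session.pop("oauth_code_verifier")}


if __name__ == "__main__":
    session = {}
    url = build_authorization_request(session)
    print("send browser to:", url)
    # Constructed callback, as the browser would deliver it after consent.
    cb = f"{REGISTERED_REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={session['oauth_state']}"
    print("token request material:", handle_callback(session, cb))
```

Two design points worth noting: the state is popped from the session before it is compared, so a replayed callback fails even if it carries the right value; and the PKCE verifier never leaves the server-side session until the client itself sends it to the token endpoint, which is what makes an intercepted code useless to anyone who did not start the flow.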

Outpost24 Named an Overall Leader in 2025 KuppingerCole Leadership Compass Report for Attack Surface Management

Business Wire

27-05-2025

PHILADELPHIA--(BUSINESS WIRE)-- Outpost24, a leading provider of cyber risk management and threat intelligence solutions, today announced it has been recognized as an Overall Leader in the 2025 KuppingerCole Leadership Compass Report for Attack Surface Management and is the only European vendor named as an Overall Leader in the report. The company was also named a leader in the Product and Market categories. Outpost24 has quickly moved up from its previous position as 'Challenger' in 2023 to the Overall Leader category in 2025.

The KuppingerCole Leadership Compass Report provides an overview of the Attack Surface Management market and guides organizations to find the solution that best meets their needs. They examine the market segment, vendor service functionality, and innovative approaches to providing Attack Surface Management solutions.

According to the report, the modern attack surface has expanded significantly due to the use of cloud services, mobile devices, APIs, Internet of Things (IoT) devices, supply chains, and remote work practices. This expansion introduces new endpoints and potential vulnerabilities and makes organizations more susceptible to cyber threats. Implementing Attack Surface Management (ASM) solutions enables organizations to identify potential vulnerabilities, assess the effectiveness of their cybersecurity systems, and strengthen their security posture accordingly. A proactive approach to cybersecurity has become an essential requirement for organizations, as cyber threats continue to evolve in complexity and frequency.

Outpost24 key features selected by KuppingerCole are:

  • Detects websites and applications that are without GDPR-compliant cookie consent practices (distinguishing feature)
  • Strong M&A risk analysis capabilities
  • Easy licensing which includes unlimited assets and users per organization
  • Contributing member of the Cyber Threat Alliance
  • Pen testing availability as a service
  • Proprietary risk-scoring framework
  • Supported MITRE ATT&CK mapping

Outpost24's cloud-based External Attack Surface Management (EASM) platform helps organizations identify, protect and monitor their external attack surface and improve their cyber resilience. Outpost24 offers automatic data gathering, enrichment, and AI-driven analysis modules that analyze all known and unknown internet-facing assets for vulnerabilities and attack paths to then offer simple, effective remediation actions to close any security gaps.

'We are honored to be named an Overall Leader in the 2025 KuppingerCole Leadership Compass Report for Attack Surface Management,' said Ido Erlichman, CEO of Outpost24. 'As the modern attack surface continues to expand, organizations must take a proactive approach to protecting themselves by understanding their specific attack surface and identifying any potential vulnerabilities. Our ASM solutions, including recently launched Outpost24 CyberFlex, provide a comprehensive view of internal and external attack surfaces to identify unknown assets, close security gaps, prioritize risk mitigation and holistically protect organizations.'

To download a complimentary copy of the 2025 KuppingerCole Leadership Compass Report, please visit this link.

Outpost24 offers industry-leading Attack Surface Management solutions that keep security teams one step ahead of emerging threats. They help thousands of organizations around the world to identify, protect, and monitor digital risks before they can be exploited. Outpost24 was founded in 2001 and is headquartered in Sweden, with offices in the US, UK, France, Belgium, and Spain. Visit for more information.

Outpost24 adds AI summaries to boost digital threat analysis

Techday NZ

20-05-2025

Outpost24 has introduced AI-powered summaries to the Digital Risk Protection modules of its External Attack Surface Management platform. The new feature is designed to provide efficient threat analysis by reducing the time security teams spend interpreting complex findings and helping organisations manage digital risks more effectively.

Outpost24's Digital Risk Protection modules enable organisations to identify, monitor, and protect against potential cyber threats before exploitation occurs. These modules continuously scan for exposed credentials, brand impersonations, data leaks, and other risks, but the volume and intricacy of findings can pose challenges for rapid decision-making by security professionals.

With the addition of AI-enhanced summaries, each DRP finding is automatically condensed into a 25-word explanation. By employing large language model (LLM) technology, the platform aims to streamline the interpretation of threat intelligence and provide concise, helpful information. The AI-generated summaries are intended to offer content insights in an accessible format, translate threat information from foreign languages into English, and distil complex intelligence into key areas of concern for users.

"The latest AI-powered feature in Outpost24's Digital Risk Protection solution enhances efficiency by providing time-saving summaries that support informed decision-making and proactive threat management. We will continue expanding AI capabilities across our Attack Surface Management solutions," Omri Kletter, Chief Product Officer at Outpost24, said.

The AI-enhanced summaries join the existing Domain Discovery AI feature in the External Attack Surface Management platform, reflecting Outpost24's ongoing research and development in artificial intelligence for attack surface management. Outpost24 has stated that, although DRP results are inherently based on publicly available data, the company is taking steps to prevent further data exposure. The AI summaries will be generated through a private instance of a large language model to help ensure information is not leaked to third parties.

Outpost24, a prominent European cybersecurity firm specialising in Attack Surface Management (ASM), has solidified its position in the industry through strategic investments and leadership enhancements. The company is backed by Vitruvian Partners, an international investment firm known for supporting high-growth technology companies. Founded in 2001 in Sweden, Outpost24 has expanded its global footprint, serving over 3,000 customers across 65 countries. The company's comprehensive cybersecurity solutions encompass ASM, Digital Risk Protection (DRP), and Identity and Access Management (IAM), enabling organizations to identify assets, mitigate risks, and monitor emerging threats effectively.

A key component of Outpost24's approach involves its team of ethical hackers who specialise in identifying and addressing complex threats. These professionals collaborate closely with client teams to enhance security measures and contribute to the broader cybersecurity community through research and intelligence sharing.

Outpost24 expands platform for data & social threat defense

Techday NZ

08-05-2025

Outpost24 has announced the integration of two new Digital Risk Protection modules into its External Attack Surface Management platform. The new Social Media and Data Leakage modules are offered alongside the existing Leaked Credentials and Dark Web modules. The company said these modules are designed to enhance customer insights into the entire attack surface, supporting organisations as they aim to identify threats across a broader range of digital channels.

According to Outpost24, the Social Media DRP module enables organisations to monitor their social media profiles as part of their attack surface. This module tracks social media impersonation, external breaches, and internal leaks in real time, providing security teams with earlier visibility into threats originating from such platforms.

Meanwhile, the Data Leakage DRP module is built to detect potentially leaked documents and source code. By promptly bringing these exposures to security teams' attention, the module aims to give companies enough time to respond and mitigate potential consequences before sensitive information is misused.

The company highlighted that these modules leverage access to private and exclusive sources, strong automation capabilities, and advanced threat intelligence to give organisations a more comprehensive view of their external threats and risks. Outpost24 said this broader overview is intended to empower security teams to be more proactive and better prioritise their response efforts.

"Organisations often forget that threat actors use the information on public social media profiles to launch targeted attacks or even to impersonate executive leadership. But they absolutely do, and it's extremely important that security teams track this. We've built our DRP modules for Social Media and Data Leakage based on rich threat intel and accelerated automation so that organisations can get the full context behind each new alert," Omri Kletter, Chief Product Officer at Outpost24, said, explaining the capabilities of the new modules.

Outpost24 stated that by employing these monitoring modules, companies may be able to respond faster to threats emerging on social media, detect and address leaked documents or code before they become problematic, protect their reputations, and reduce the risks of phishing or fraud. Early detection is positioned as a preventive measure to stop confidential information from spreading.

The company noted that threat actors have increasingly been using information from social media profiles to plot attacks against companies of all sizes. Monitoring these activities, it said, supports organisations in maintaining timely awareness of new or emerging risk vectors that might not be addressed with traditional security approaches.

The inclusion of these modules extends the capabilities of Outpost24's EASM platform, which now covers additional facets of the attack surface and potentially enables customers to gain earlier warnings and more context for security incidents involving external-facing assets.
