SSOScan is a tool that can automatically check if your application has these vulnerabilities when integrating Facebook Single Sign-On (SSO).
Correctly integrating third-party services into web applications is challenging, and mistakes can have grave consequences when third-party services are used for security-critical tasks such as authentication and authorization. Developers often misunderstand integration requirements and make critical mistakes when integrating services such as single sign-on APIs. Since traditional programming techniques are hard to apply to programs running inside black-box web servers, we propose to detect vulnerabilities b
Vulnerabilities Checked by SSOScan