OAuth Provider Risk
Phase 3authenticationWSTG-ATHZ
Description
Passive inspection of OAuth/OIDC initiation links: wildcard redirect_uri, missing state parameter, deprecated implicit flow, broad scopes, and OIDC issuer mismatch via /.well-known/openid-configuration.
Security Impact
OAuth provider misconfigurations enable account takeover via open-redirect, CSRF, and token theft. This module detects five classes of OAuth/OIDC risk without active probing.
Automated Detection & AI Remediation
DygDog automatically detects OAuth Provider Risk using its continuous, passive scanning engine. When discovered, DygDog provides infrastructure-specific, copy-paste ready code snippets generated by frontier AI models to help you remediate the issue instantly without generic advice.
Start Free Scan