Secure Planet Training Courses Updated For 2019 - Click Here

There are new available articles, click to refresh the page.

/r/netsec - Information Security News & Discussion

What secures LLMs calling APIs via MCP? A stack of OAuth specs—here’s how they fit together

By: ／u／Smooth-Loquat-4954 — June 23^rd 2025 at 14:55

Model Context Protocol is quickly becoming the default way for LLMs to call out to tools and APIs—but from a security standpoint, it’s been a little hand-wavy. This post fixes that.

It shows how five OAuth specs—including dynamic client registration and protected resource metadata—combine to form a secure, auditable, standards-based auth flow for MCP.

submitted by /u/Smooth-Loquat-4954
[link] [comments]

/r/netsec - Information Security News & Discussion

SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries

By: ／u／Smooth-Loquat-4954 — March 17^th 2025 at 13:33

submitted by /u/Smooth-Loquat-4954
[link] [comments]

/r/netsec - Information Security News & Discussion

Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight

By: ／u／Smooth-Loquat-4954 — November 13^th 2024 at 03:38

submitted by /u/Smooth-Loquat-4954
[link] [comments]