Token theft

Behind the Breach: Pass-The-Cookie Beyond IdPs

Behind the Breach: Pass-The-Cookie Beyond IdPs

| | FEATURED, passthecookie, PTC attack, SaaS Security, Security Guidance, Session hijacking, Token theft
Pass-The-Cookie (PTC), also known as token compromise, is a common attack technique employed by threat actors in SaaS environments.  In the past, Obsidian’s Threat Research team noted a pattern where most PTC ...
Obsidian Security
Behind the Breach: Pass-The-Cookie Beyond IdPs

Behind the Breach: Pass-The-Cookie Beyond IdPs

| | FEATURED, passthecookie, PTCattack, SaaS Security, Security Guidance, Session hijacking, Token theft
Pass-The-Cookie (PTC), also known as token compromise, is a common attack technique employed by threat actors in SaaS environments.  In the past, Obsidian’s Threat Research team noted a pattern where most PTC ...
Obsidian Security

Obsidian’s 2023 SaaS Security Predictions

| | 2023 security trends, FEATURED, privacy laws, SaaS Security, Security Advisories, Security Trends, Session hijacking, Token theft
SaaS security goes prime time in 2023 High-profile cyber attacks at Okta, Hubspot, and others in 2022 suggest bad actors are continuing to put more energy into targeting SaaS. Indeed, it is ...
Obsidian Security
A Deep Dive into SaaS Session Hijacking

A Deep Dive into SaaS Session Hijacking

| | Data Science & AI, Identity provider, Man In The Middle, SaaS Security, Session hijacking, Token theft
In a previous blog, we introduced the growing threat of session hijacking and explained just how dangerous and discrete these attacks can be. Today, in the second part of our series, we’ll ...
Obsidian Security