
How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes
2023-08-21 11:12

An even better practice would be to tailor your Google or Microsoft settings to require administrative approval for any new grant before employees can start using it, giving your team time to investigate and catch anything suspicious.

While reviewing new OAuth grants can help you detect issues early on, oversight shouldn't end once an OAuth grant is in place.

You may want to look into tools that can assemble an inventory of all OAuth grants for you, along with scopes and OAuth risk scores to make this process easier.

Checking a grant's domains can help you determine whether a vendor actually backs that particular OAuth grant, or if the grant was created by someone trying to piggyback off of a legitimate brand's reputation.

Let's say you allow an OAuth grant to access your organization's email.

The platform provides an inventory of every app-to-app OAuth grant ever created in your org, along with OAuth risk insights like grant type, age, number of scopes, who granted access, and an overall OAuth risk score.
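As an added illustration (not code from the article or from the platform it describes), the following Python sketch shows how the inventory attributes the article lists, grant type, age, number of scopes, who granted access and the vendor's domain, can be combined into a simple risk score for triage. The scope set, vendor-domain map, score weights and sample grants are constructed assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date

# Constructed example data (tune to your org): broad scopes and known vendor domains.
HIGH_RISK_SCOPES = {"https://mail.google.com/", "https://www.googleapis.com/auth/drive"}
KNOWN_VENDOR_DOMAINS = {"Acme Mail Helper": {"acmehelper.example"}}
TODAY = date(2023, 8, 21)  # constructed "now" for the sample inventory

@dataclass
class OAuthGrant:
    app_name: str
    vendor_domain: str   # domain the app presents itself under
    scopes: list
    granted_by: str
    granted_on: date
    grant_type: str      # "user" consent or "admin" consent

def risk_score(g: OAuthGrant, today: date = TODAY) -> tuple:
    """Return (score, reasons); a higher score means investigate sooner."""
    score, reasons = 0, []
    broad = [s for s in g.scopes if s in HIGH_RISK_SCOPES]
    if broad:
        score += 3 * len(broad)
        reasons.append(f"broad scopes: {broad}")
    if len(g.scopes) > 5:
        score += 2
        reasons.append(f"{len(g.scopes)} scopes requested")
    if g.vendor_domain not in KNOWN_VENDOR_DOMAINS.get(g.app_name, set()):
        score += 4  # no known vendor backs this domain: possible brand piggyback
        reasons.append(f"domain {g.vendor_domain} not backed by the vendor")
    if g.grant_type == "user":
        score += 1
        reasons.append(f"user-consented by {g.granted_by}, not admin-approved")
    age = (today - g.granted_on).days
    if age > 365:
        score += 1
        reasons.append(f"grant is {age} days old, due for re-review")
    return score, reasons

def triage(grants: list, today: date = TODAY, threshold: int = 4) -> list:
    # Inventory pass: (app, score, reasons) for grants at or over the threshold.
    rows = [(g.app_name, *risk_score(g, today)) for g in grants]
    return sorted((r for r in rows if r[1] >= threshold), key=lambda r: -r[1])

SAMPLE_GRANTS = [  # constructed inventory entries
    OAuthGrant("Acme Mail Helper", "acmehelper.example",
               ["https://www.googleapis.com/auth/gmail.readonly"],
               "alice@corp.example", date(2023, 6, 1), "admin"),
    OAuthGrant("Acme Mail Helper", "acme-he1per.example",
               ["https://mail.google.com/"],
               "bob@corp.example", date(2022, 1, 10), "user"),
]
```

Running `triage(SAMPLE_GRANTS)` surfaces only the second grant: a look-alike domain, full mailbox scope, user consent and an 18-month-old grant together score 9, while the vendor-backed read-only admin-approved grant scores 0.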


News URL

https://thehackernews.com/2023/08/how-to-investigate-oauth-grant-for.html