Application consent allows a third-party platform as a service to gain persistent access to resources in your environment. This can be something simple like automation scripts, using a Github account to log into HacktoberFest, or granting access to email and calendar for built-in productivity apps on a mobile phone.

Recent high profile security incidents have shown how application consent and service principals can be exploited for persistent access. Management of the application consent process and environment access by service principals remained free and unfettered in many environments, allowing malicious actors to do what they wanted in a largely unobserved manner.

This talk will explain the application consent process, how service principals are used and why as an application developer you should ensure you request only the minimum permissions required for your application to work. Additionally, attendees will leave with a clear understanding of how to identify and avoid the many security risks associated with the misuse of security principals.