Monday, May 8 • 09:00 - Wednesday, May 10 • 17:00
Systematically Breaking and Fixing Single Sign-On (3 days)

Single Sign-On (SSO) has been the target of serious attacks in recent years.
We systematically analyzed different SSO protocols, such as SAML, OpenID, OAuth, and OpenID Connect, and came up with a large range of attacks partially or totally breaking the security of these protocols.

This 3-day training will give an overview of the general SSO authentication concept and present new insights into three widely-used protocols: SAML, OAuth and OpenID Connect.
Participants will get the opportunity to carry out the introduced attacks in a prepared environment. We will additionally show techniques to mitigate the attacks and implement SSO securely.

- Single Sign-On Basics
- General attacks on Single Sign-On to Service and Identity Providers
- Numerous attacks on SAML, OAuth, and OpenID Connect
- Strengthen Single Sign-On via Token Bindings

- Laptop with a recent version of Virtual Box

Christian Mainka

Security Consultant, Hackmanit GmbH
Christian Mainka is a Security Researcher at the Ruhr University Bochum, Chair for Network and Data Security. Since 2009, he has focused on XML and Web Services technologies, develops his penetration testing tool WS-Attacker, and has published several papers in the field of XML sec...
Vladislav Mladenov

Ruhr University Bochum
Vladislav Mladenov is a PhD Student at the Ruhr University Bochum, Chair for Network and Data Security. He is interested in the security of XML-based services. Additionally, he investigates different Single Sign-On protocols like OAuth, OpenID, OpenID Connect and SAML. Other topi...

Monday May 8, 2017 09:00 - Wednesday May 10, 2017 17:00
Lisburn Suite Hilton