SSO Wars - The Token Menace
Offered By: BSidesLV via YouTube
Course Description
Overview
Explore the intricacies of Single Sign-On (SSO) security in this comprehensive conference talk from BSidesLV 2019. Delve into the world of delegated authentication, focusing on JWT and SAML tokens. Examine potential attack vectors, including signature verification vulnerabilities in .NET frameworks. Analyze key resolution methods and their impact on security. Investigate specific scenarios involving Windows Communication Foundation (WCF) and SharePoint authentication flows. Gain valuable insights into dupe key confusion attacks and their limitations. Equip yourself with essential knowledge to fortify SSO implementations against token-based threats.
Syllabus
Intro
Agenda
Delegated Authentication
JWT token
Similar code for SAML
Potential Attack Vectors (2/2)
Simplified SAML Token
SAML Signature Verification in .NET
A tale of two resolvers
Possible scenarios for different key resolution
Examples of affected frameworks
Windows Communication Foundation (WCF)
Key & Token Resolution
Token resolution - Breadth First
Dupe Key Confusion
Key and Token resolutions
Attack limitations
SharePoint Authentication Flow
SharePoint Attack Flow
Conclusions
Taught by
BSidesLV
Related Courses
Introduction to Functional ProgrammingDelft University of Technology via edX MongoDB for .NET Developers
MongoDB University 基于.Net的Web开发技术
Xi'an Jiaotong University via Coursera Web Development with ASP.NET C# and Entity Framework Code-First
Canvas Network Blazor and JavaScript Interoperability
Coursera Project Network via Coursera