Identity Theft: Attacks on SSO Systems
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore a critical vulnerability affecting SAML-based Single Sign-On (SSO) systems in this AppSecUSA 2018 conference talk. Delve into the newly discovered flaw impacting multiple independent SAML implementations and potentially any system relying on XML signature security. Learn how attackers can exploit this vulnerability to tamper with signed XML documents, modifying attributes like authenticating users without invalidating signatures. Understand the root cause stemming from XML DOM traversal methods post-signature validation. Discover how this vulnerability allows authenticated attackers to access services as different users. Additionally, examine a related class of user directory vulnerabilities that can amplify the impact or even enable authentication bypasses independently. Gain valuable insights from Kelby Ludwig, Principal AppSec Engineer at Duo, on these critical security issues affecting modern organizational trust anchors.
Syllabus
Identity Theft: Attacks on SSO Systems - Kelby Ludwig - AppSecUSA 2018
Taught by
OWASP Foundation
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network