Systematically Breaking and Fixing OpenID Connect

OWASP Foundation via YouTube

Overview

Explore a systematic analysis of OpenID Connect security vulnerabilities and their fixes in this conference talk from AppSecEU 2016. The talk begins with the differences between OAuth and OpenID Connect, the three parties involved (end user, relying party and identity provider) and the dynamic discovery and registration features the protocol adds. It then lays out a threat model and works through the attack categories it covers, including single-phase attacks, replay attacks, cross-phase attacks and the IDP confusion attack, each with its corresponding countermeasure. Malicious endpoint attacks and out-of-service scenarios are shown through practical demonstrations. The speakers close with the current state of OpenID Connect implementations and a summary of the key findings, giving a clear picture of the security landscape of this authentication protocol.

Syllabus

Introduction
Three simple questions
The plan
OAuth vs OpenID Connect
OpenID Connect
Three parties
This face
Dynamic solution
ID token
Parameters
Attacks
Threat Model
Categories
Attacker Identity Provider
Single Phase Attacks
Another Attack
Replay Attacks
Supported Values
Single-phase attacks
Cross-phase attacks
Endpoints
IDP Confusion Attack
Countermeasure
Malicious Endpoint Attacks
Out of Service
Demo
Professors
Tobias works
IDPs
Switch
Current State
Summary

Taught by

OWASP Foundation
