
Identity Theft - Attacks on SSO Systems

Black Hat via YouTube

Overview

This 41-minute Black Hat conference talk covers a vulnerability affecting SAML-based Single Sign-On (SSO) systems that was found in several libraries underpinning many SSO deployments. It starts with the building blocks (SAML, XML, NameID and attributes, XML Digital Signature and canonicalization, XML comments) and then shows where implementations go wrong: signature validation is performed over the canonicalized document, while the application reads the NameID and attributes through a separate XML API that can return only part of the text when an XML comment splits it. That mismatch is the truncation vulnerability in SAML assertions. The talk then covers the discovery process and disclosure timeline, the threat model, how the flaw can be exploited (including the role of updating profile information at the identity provider), remediation, and further tricks under the heading of programmable identity. Suitable for security professionals and developers working with SSO systems.
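Added example (not from the talk or from this page): a standard-library Python model of the comment-truncation problem described above. The assertion, key and function names are constructed for illustration, and an HMAC over the canonical form stands in for the RSA signature of XML-DSig; the property that matters is only that canonicalization with comments stripped makes the tampered and original documents sign identically, while a naive text extraction reads them differently.

```python
"""Comment-based truncation of a signed SAML NameID (added illustration)."""
import hashlib
import hmac
import xml.dom.minidom
from xml.etree.ElementTree import canonicalize

# Constructed, minimal stand-in for the signed part of a SAML assertion.
# Only Subject/NameID matters here; Issuer, Conditions and the
# ds:Signature element itself are omitted for brevity.
SIGNED_ASSERTION = (
    '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
    "<Subject><NameID>user@example.com.evil.com</NameID></Subject>"
    "</Assertion>"
)

# The attacker owns the IdP account "user@example.com.evil.com", obtains a
# validly signed assertion for it, then splits the NameID text with an
# empty XML comment before forwarding it to the service provider.
TAMPERED_ASSERTION = SIGNED_ASSERTION.replace(
    "user@example.com.evil.com", "user@example.com<!---->.evil.com"
)

# Hypothetical IdP key; HMAC stands in for the RSA signature in XML-DSig.
IDP_KEY = b"hypothetical-idp-signing-key"


def sign(xml_text: str) -> bytes:
    """Sign the canonical form. The default C14N used with XML-DSig drops
    comments, which is exactly what lets the tampered document verify."""
    canonical = canonicalize(xml_text, with_comments=False)
    return hmac.new(IDP_KEY, canonical.encode(), hashlib.sha256).digest()


def signature_valid(xml_text: str, signature: bytes) -> bool:
    return hmac.compare_digest(sign(xml_text), signature)


def _nameid_element(xml_text: str):
    doc = xml.dom.minidom.parseString(xml_text)  # minidom keeps Comment nodes
    return doc.getElementsByTagName("NameID")[0]


def nameid_naive(xml_text: str) -> str:
    """The vulnerable pattern: read the first text node and stop.
    A comment splits the content into two text nodes, so this returns
    only the part before the comment."""
    return _nameid_element(xml_text).firstChild.nodeValue


def nameid_strict(xml_text: str) -> str:
    """Hardened extraction: refuse any NameID whose content is not a
    single run of plain text, then return that text."""
    node = _nameid_element(xml_text)
    parts = []
    for child in node.childNodes:
        if child.nodeType != child.TEXT_NODE:
            raise ValueError(
                f"NameID contains a non-text node (type {child.nodeType})")
        parts.append(child.nodeValue)
    if len(parts) != 1:
        raise ValueError("NameID text is split into several nodes")
    return parts[0]


def service_provider_login(xml_text: str, signature: bytes, extract) -> str:
    """Model of a service provider: verify the signature, then trust the
    NameID that the supplied extraction routine returns."""
    if not signature_valid(xml_text, signature):
        raise PermissionError("bad signature")
    return extract(xml_text)


if __name__ == "__main__":
    sig = sign(SIGNED_ASSERTION)
    # Signature still verifies on the tampered document, but the naive SP
    # now logs the attacker in as user@example.com.
    print("naive SP logs in as:",
          service_provider_login(TAMPERED_ASSERTION, sig, nameid_naive))
    try:
        service_provider_login(TAMPERED_ASSERTION, sig, nameid_strict)
    except ValueError as exc:
        print("strict SP rejects the assertion:", exc)
```

The point the model makes is that the signature check and the value extraction are two different readers of the same document, so the fix belongs on the extraction side: the service provider should take every value it trusts (NameID and attributes alike) as the full text of the element, or reject elements whose content is anything but a single text node, rather than relying on the signature to have ruled out tampering.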

Syllabus

Introduction
About Me
Agenda
SSO
SAML
XML
Name ID
Attributes
Signature
XML Digital Signature
XML Canonicalization
XML Comments
SAML API
XML API
XML Documents as Trees
Is XML Broken
What We Know
The Timeline
How could this be exploited
Threat Model
Truncation Vulnerability
SAML Assertion
Update Profile Information
Remediation
Exploit Steps
Programmable Identity
One More Trick
High-Level Steps
Conclusion
Shoutouts

Taught by

Black Hat
