Description: The Security Assertion Markup Language (SAML) provides a framework for cross-domain single sign-on in the enterprise field ... with a single point of failure; what if you could break it? In this talk we will first discuss the benefits of SAML by presenting two showcases of Swiss institutions that heavily rely on it. Then, we’ll turn to the risks by reviewing previous attacks on SAML and a new one we call X509 certificate tampering.
Antoine Neuenschwander (@ant0inet)
Antoine Neuenschwander worked as a software engineer in the development of security products for several years before joining Compass Security in 2014 as a penetration tester and security analyst. His fields of expertise include web application security in general and authentication protocols in particular. Antoine Neuenschwander holds an MSc degree in Computer Science from the Swiss Federal Institute of Technology (ETH/EPFZ) in Zurich.
Last summer Roland Bischofberger finished his BSc studies with a bachelor thesis, which discusses some SAML vulnerabilities and the creation of a SAML penetration testing tool named SAMLRaider. As a term paper he researched vulnerabilities in XSLT implementations and gave a presentation at OWASP Switzerland about the results. He has been working as a security analyst at Compass Security since autumn 2015.
For more information, please visit: http://area41.io/
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.