This course aims to provide a deep understanding of the security aspects of the Security Assertion Markup Language (SAML) protocol. By the end of the course, learners will be able to identify and mitigate XML signature-related attacks, understand the importance of secure SAML attribute implementation, and conduct fuzz testing on SAML assertions. The course covers topics such as SAML components, authentication, real attacks, and securing SAML through methods like signature roughing attacks. The teaching method involves a detailed exploration of SAML protocol security issues and strategies for identifying vulnerabilities in proprietary SAML implementations. This course is intended for security professionals, developers, and individuals interested in enhancing their knowledge of SAML protocol security.
O'Dea Assertions Untwining the Security of the SAML Protocol
Overview
Syllabus
Introduction
Cloud Applications
Multiple User Names
What happened
What is SAML
What is Federation
Single Sign On
SAML Components
Who
Sample desertion
Assertions
Request response
Web services
Alternative to Web services
Security of SAML
Authentication
Transport Level SSL
Real Attacks
External Signature
Signature Wrapping Attacks
Stack Overflow
Vulnerabilities
SAML PHP
SAML complications
canonicalization entity expansion
design service attacks
attributes
Securing SAML
Signature Roughing Attacks
Taught by
nullcon
