3

Attacking the Authentication Layer – a SAML Use Case

“‘They say only: The Doors of Durin, Lord of Moria. Speak, friend, and enter. [...]’ ‘What does it mean by speak, friend, and enter?’ asked Merry.

‘That is plain enough,’ said Gimli. ‘If you are a friend, speak the password, and the doors will open, and you can enter.’

‘Yes,’ said Gandalf, ‘these doors are probably governed by words.’”

J. R. R. Tolkien [1]

Welcome to the third chapter, where we analyze our vulnerable applications with a Capture the Flag (CTF) exercise on Security Assertion Markup Language (SAML).

As Gimli tells Gandalf, you only need to know the password to access it (and we can add the username or other factors). Applications typically solve this problem by requiring the ...

Get Attacking and Exploiting Modern Web Applications now with the O’Reilly learning platform.
