Authentication / Authorization Badge

17 Exercises

image for OAuth2: Authorization Server CSRF

OAuth2: Authorization Server CSRF

This exercise covers the exploitation of a CSRF in the Authorization server
2 videos
Completed by 307 students
Takes Between 1 and 2 hours on average
Ruby-On-Rails

image for SAML: Introduction

SAML: Introduction

This exercise covers the exploitation of a signature stripping vulnerability in SAML
2 videos
Completed by 1060 students
Takes Less than an hour on average
RoR

image for SAML: Comment Injection

SAML: Comment Injection

This exercise covers the exploitation of a comment injection vulnerability in SAML
2 videos
Completed by 308 students
Takes Less than an hour on average
Ruby on Rails

image for SAML: Signature Stripping

SAML: Signature Stripping

This exercise covers the exploitation of a signature stripping vulnerability in SAML
2 videos
Completed by 754 students
Takes Less than an hour on average
RoR

image for OAuth2: Client CSRF

OAuth2: Client CSRF

This exercise covers the exploitation of a CSRF in the OAuth2 Client
2 videos
Completed by 231 students
Takes Less than an hour on average
Ruby-On-Rails

image for OAuth2: Client CSRF II

OAuth2: Client CSRF II

This exercise covers the exploitation of a CSRF in the OAuth2 Client
1 video
Completed by 69 students
Takes Between 2 and 4 hours on average
Ruby-On-Rails

image for SAML: Known Key

SAML: Known Key

This exercise covers the exploitation of a known key in SAML
Completed by 29 students
Takes Between 1 and 2 hours on average
Ruby on Rails

image for SAML: Trusted Embedded Key

SAML: Trusted Embedded Key

This exercise covers the exploitation of a service provider (SP) that doesn't check the certificate provided in the SAMLResponse
Completed by 28 students
Takes Less than an hour on average
Ruby on Rails

Coming soon

Medium

image for SAML: SAMLResponse forwarding

SAML: SAMLResponse forwarding

This exercise covers how one can pass the SAMLResponse from one Service Provider to another Service Provider.
Completed by 0 student
Takes -- on average
Ruby on Rails

image for OAuth2: State Fixation

OAuth2: State Fixation

This exercise covers the exploitation of a state fixation in the OAuth2 Client
Completed by 3 students
Takes Less than an hour on average
Ruby-On-Rails

Coming soon

Medium

image for CVE-2016-4977

CVE-2016-4977

This exercise explains how you can gain code execution on a system that relies on a vulnerable version of Spring's Oauth
Completed by 0 student
Takes -- on average
Java/Spring

image for OAuth2: Authorization Server OpenRedirect

OAuth2: Authorization Server OpenRedirect

This exercise covers the exploitation of an OpenRedirect in the Authorization Server
3 videos
Completed by 359 students
Takes Between 1 and 2 hours on average
Ruby-On-Rails

image for OAuth2: Client OpenRedirect

OAuth2: Client OpenRedirect

This exercise covers the exploitation of an OpenRedirect in the OAuth2 Client
2 videos
Completed by 290 students
Takes Between 1 and 2 hours on average
Ruby-On-Rails

image for OAuth2: Github HTTP HEAD

OAuth2: Github HTTP HEAD

This exercise covers the exploitation of the HTTP HEAD issue impacting Github in 2019
2 videos
Completed by 129 students
Takes Between 1 and 2 hours on average
Ruby-On-Rails

image for OAuth2: Client Server XSS

OAuth2: Client Server XSS

This exercise covers the exploitation of a Cross-Site Scripting in the OAuth2 Client Server
Completed by 25 students
Takes Between 2 and 4 hours on average
Ruby-On-Rails

image for OAuth2: Predictable State

OAuth2: Predictable State

This exercise covers the exploitation of predictable state in the OAuth2 Client
Completed by 5 students
Takes Less than an hour on average
Ruby-On-Rails

image for OAuth2: Predictable State II

OAuth2: Predictable State II

This exercise covers the exploitation of predictable state in the OAuth2 Client
Completed by 4 students
Takes Less than an hour on average
Ruby-On-Rails