Authentication / Authorization Badge
166 Completed
50 Videos
25 Exercises
The Authentication/Authorization Badge covers vulnerabilities in authentication and authorization. It focuses on SAML and OAuth.
Exercises
Easy
PENTESTERLAB
SAML: Introduction
- This exercise covers the exploitation of a signature stripping vulnerability in SAML
- 3 videos
- Completed by 2598 students
- Takes < 1 Hr. on average
- RoR
Easy
PENTESTERLAB
OAuth2: Authorization Server CSRF
- This exercise covers the exploitation of a CSRF in an OAuth2 Authorization Server
- 2 videos
- Completed by 1048 students
- Takes 1-2 Hrs. on average
- Ruby-On-Rails
- CWE-352
Medium
PENTESTERLAB
SAML: Signature Stripping
- This exercise covers the exploitation of a signature stripping vulnerability in SAML
- 3 videos
- Completed by 1868 students
- Takes < 1 Hr. on average
- RoR
Medium
PENTESTERLAB
SAML: Comment Injection
- This exercise covers the exploitation of a comment injection vulnerability in SAML
- 2 videos
- Completed by 1488 students
- Takes < 1 Hr. on average
- Ruby on Rails
Medium
PENTESTERLAB
SAML: CVE-2021-21239
- This exercise covers the exploitation of CVE-2021-21239 (PySAML2)
- 2 videos
- Completed by 51 students
- Takes 2-4 Hrs. on average
- Python
Medium
PENTESTERLAB
SAML: Signature Wrapping III
- This exercise covers the exploitation of a Signature Wrapping Issue in passport-saml (CVE-2022-39299)
- 2 videos
- Completed by 77 students
- Takes 1-2 Hrs. on average
- Node
Medium
PENTESTERLAB
OAuth2: Authorization Server XSS
- This exercise covers the exploitation of an XSS in an OAuth2 Authorization Server
- 2 videos
- Completed by 324 students
- Takes < 1 Hr. on average
- Ruby-On-Rails
Medium
PENTESTERLAB
SAML: Comment Injection II
- This exercise covers the exploitation of a comment injection vulnerability in SAML
- 3 videos
- Completed by 528 students
- Takes < 1 Hr. on average
- Ruby on Rails
Medium
PENTESTERLAB
OAuth2: State Fixation
- This exercise covers the exploitation of a state fixation in an OAuth2 Client
- 2 videos
- Completed by 363 students
- Takes 1-2 Hrs. on average
- Ruby-On-Rails
Medium
PENTESTERLAB
SAML: SAMLResponse forwarding
- This exercise covers how to pass the SAMLResponse from one Service Provider to another
- 1 video
- Completed by 443 students
- Takes < 1 Hr. on average
- Ruby on Rails
Medium
PENTESTERLAB
SAML: Trusted Embedded Key
- This exercise covers the exploitation of a Service Provider (SP) that doesn't check the certificate provided in the SAMLResponse
- 2 videos
- Completed by 454 students
- Takes < 1 Hr. on average
- Ruby on Rails
Medium
PENTESTERLAB
SAML: Known Key
- This exercise covers the exploitation of a known key in SAML
- 3 videos
- Completed by 477 students
- Takes 1-2 Hrs. on average
- Ruby on Rails
Medium
PENTESTERLAB
OAuth2: Client CSRF II
- This exercise covers the exploitation of a CSRF in an OAuth2 Client
- 2 videos
- Completed by 459 students
- Takes 2-4 Hrs. on average
- Ruby-On-Rails
- CWE-352
Medium
PENTESTERLAB
OAuth2: Client CSRF
- This exercise covers the exploitation of a CSRF in an OAuth2 Client
- 2 videos
- Completed by 906 students
- Takes < 1 Hr. on average
- Ruby-On-Rails
- CWE-352
Medium
PENTESTERLAB
OAuth2: Client OpenRedirect
- This exercise covers the exploitation of an OpenRedirect in an OAuth2 Client
- 2 videos
- Completed by 785 students
- Takes < 1 Hr. on average
- Ruby-On-Rails
Medium
PENTESTERLAB
OAuth2: Authorization Server OpenRedirect
- This exercise covers the exploitation of an OpenRedirect in an OAuth2 Authorization Server
- 3 videos
- Completed by 898 students
- Takes < 1 Hr. on average
- Ruby-On-Rails
Hard
PENTESTERLAB
OAuth2: Predictable State
- This exercise covers the exploitation of a predictable state in an OAuth2 Client
- 2 videos
- Completed by 265 students
- Takes 2-4 Hrs. on average
- Ruby-On-Rails
Hard
PENTESTERLAB
OAuth2: Predictable State II
- This exercise covers the exploitation of a predictable state in an OAuth2 Client
- 2 videos
- Completed by 246 students
- Takes 1-2 Hrs. on average
- Ruby-On-Rails
Hard
PENTESTERLAB
SAML: Signature Wrapping
- This exercise covers how to use Signature Wrapping to become an arbitrary user
- 2 videos
- Completed by 490 students
- Takes < 1 Hr. on average
- Ruby on Rails
Hard
PENTESTERLAB
SAML: Signature Wrapping II
- This exercise covers how to use Signature Wrapping to become an arbitrary user
- 2 videos
- Completed by 396 students
- Takes < 1 Hr. on average
- Ruby on Rails
Hard
PENTESTERLAB
OAuth2: Client Server XSS
- This exercise covers the exploitation of a Cross-Site Scripting in an OAuth2 Client and Server
- 2 videos
- Completed by 340 students
- Takes 1-2 Hrs. on average
- Ruby-On-Rails
Hard
PENTESTERLAB
OAuth2: Authorization Server XSS II
- This exercise covers the exploitation of an XSS in an OAuth2 Authorization Server
- 2 videos
- Completed by 246 students
- Takes < 1 Hr. on average
- Ruby-On-Rails
Hard
PENTESTERLAB
OAuth2: Github HTTP HEAD
- This exercise covers the exploitation of the HTTP HEAD issue impacting Github in 2019
- 2 videos
- Completed by 430 students
- Takes < 1 Hr. on average
- Ruby-On-Rails