Authentication / Authorization Badge
The Authentication/Authorization Badge covers vulnerabilities in authentication and authorisation. If focuses on SAML and Oauth.
17
0
14
OAuth2: Authorization Server CSRF
This exercise covers the exploitation of a CSRF in the Authorization server
Difficulty: EASY- 2 videos
- Ruby-On-Rails
- Completed by 234 students
- Takes Between 1 and 2 hours on average
SAML: Introduction
This exercise covers the exploitation of a signature stripping vulnerability in SAML
Difficulty: EASY- 2 videos
- RoR
- Completed by 880 students
- Takes Less than an hour on average
SAML: Comment Injection
This exercise covers the exploitation of a comment injection vulnerability in SAML
Difficulty: EASY- 2 videos
- Ruby on Rails
- Completed by 170 students
- Takes Less than an hour on average
SAML: Signature Stripping
This exercise covers the exploitation of a signature stripping vulnerability in SAML
Difficulty: EASY- 2 videos
- RoR
- Completed by 618 students
- Takes Less than an hour on average
OAuth2: Client CSRF
This exercise covers the exploitation of a CSRF in the OAuth2 Client
Difficulty: MEDIUM- 2 videos
- Ruby-On-Rails
- Completed by 176 students
- Takes Less than an hour on average
OAuth2: Client CSRF II
This exercise covers the exploitation of a CSRF in the OAuth2 Client
Difficulty: MEDIUM- 1 video
- Ruby-On-Rails
- Completed by 52 students
- Takes Between 2 and 4 hours on average
SAML: Known Key
This exercise covers the exploitation of a a known key in SAML
Difficulty: MEDIUM- Ruby on Rails
- Completed by 11 students
- Takes Between 1 and 2 hours on average
SAML: Trusted Embedded Key
This exercise covers the exploitation of a service provider (SP) that doesn't check the certificate provided in the SAMLResponse
Difficulty: MEDIUM- Ruby on Rails
- Completed by 7 students
- Takes Less than an hour on average
SAML: SAMLResponse forwarding Coming soon
This exercise covers how one can pass the SAMLResponse from one Service Provider to another Service Provider.
Difficulty: MEDIUM- Ruby on Rails
- Completed by 0 student
- Takes -- on average
OAuth2: State Fixation Coming soon
This exercise covers the exploitation of a state fixation in the OAuth2 Client
Difficulty: MEDIUM- Ruby-On-Rails
- Completed by 0 student
- Takes -- on average
CVE-2016-4977 Coming soon
This exercise explains how you can gain code execution on a system that relies on a vulnerable version of Spring's Oauth
Difficulty: MEDIUM- Java/Spring
- Completed by 0 student
- Takes -- on average
OAuth2: Authorization Server OpenRedirect
This exercise covers the exploitation of an OpenRedirect in the Authorization Server
Difficulty: MEDIUM- 3 videos
- Ruby-On-Rails
- Completed by 296 students
- Takes Between 1 and 2 hours on average
OAuth2: Client OpenRedirect
This exercise covers the exploitation of an OpenRedirect in the OAuth2 Client
Difficulty: MEDIUM- 2 videos
- Ruby-On-Rails
- Completed by 240 students
- Takes Between 1 and 2 hours on average
OAuth2: Github HTTP HEAD
This exercise covers the exploitation of the HTTP HEAD issue impacting Github in 2019
Difficulty: HARD- 2 videos
- Ruby-On-Rails
- Completed by 105 students
- Takes Between 1 and 2 hours on average
OAuth2: Client Server XSS
This exercise covers the exploitation of a Cross-Site Scripting in the OAuth2 Client Server
Difficulty: HARD- Ruby-On-Rails
- Completed by 16 students
- Takes Between 2 and 4 hours on average
OAuth2: Predictable State Coming soon
This exercise covers the exploitation of predictable state in the OAuth2 Client
Difficulty: HARD- Ruby-On-Rails
- Completed by 0 student
- Takes -- on average
OAuth2: Predictable State II Coming soon
This exercise covers the exploitation of predictable state in the OAuth2 Client
Difficulty: HARD- Ruby-On-Rails
- Completed by 0 student
- Takes -- on average