Show simple item record

dc.contributor.authorMainka, Christian
dc.contributor.authorMladenov, Vladislav
dc.contributor.authorGuenther, Tim
dc.contributor.authorSchwenk, Jörg
dc.contributor.editorHühnlein, Detlef
dc.contributor.editorRoßnagel, Heiko
dc.contributor.editorKuhlisch, Raik
dc.contributor.editorZiesing, Jan
dc.date.accessioned2017-06-30T02:54:29Z
dc.date.available2017-06-30T02:54:29Z
dc.date.issued2015
dc.identifier.isbn978-3-88579-645-9
dc.identifier.issn1617-5468
dc.description.abstractSAML, Mozilla BrowserID, OpenID, OpenID Connect, Facebook Connect, Microsoft Account, OAuth - today's web applications are supporting a large set of Single Sign-On (SSO) solutions. Some of them have common properties and behavior, others are completely different. This paper will give an overview of modern SSO protocols. We classify them into two groups and show how to distinguish them from each other. We provide EsPReSSO, an open source Burpsuite plugin that identifies SSO protocols automatically in a browser's HTTP traffic and helps penetration testers and security auditors to manipulate SSO flows easily.en
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofOpen Identity Summit 2015
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-251
dc.titleAutomatic recognition, processing and attacking of single sign-on protocols with burp suiteen
dc.typeText/Conference Paper
dc.pubPlaceBonn
mci.reference.pages117-131
mci.conference.locationBerlin
mci.conference.date10.-11. November 2015


Files in this item

Thumbnail

Show simple item record