29C3: On Breaking SAML (EN)
Speaker: Andreas Mayer
Be Whoever You Want to Be
The Security Assertion Markup Language (SAML) is a widely adopted language for making security statements about subjects. It is a critical component for the development of federated identity deployments and Single Sign-On scenarios. In order to protect integrity and authenticity of the exchanged SAML assertions, the XML Signature standard is applied. However, the signature verification algorithm is much more complex than in traditional signature formats like PKCS#7. The integrity protection can thus be successfully circumvented by application of different XML Signature specific attacks, under a weak adversarial model.
For more information visit: http://bit.ly/29C3_information
To download the video visit: http://bit.ly/29C3_videos
Playlist 28C3: http://bit.ly/29C3_playlist
-
kategori
Hiçbir yorum bulunamadı