Main Page: Difference between revisions

From Single Sign-On Attacks
Jump to navigation Jump to search
No edit summary
 
No edit summary
(15 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''MediaWiki has been successfully installed.'''
=Welcome to SSO-Attacks=


Consult the [http://meta.wikimedia.org/wiki/Help:Contents User's Guide] for information on using the wiki software.
SSO-Attacks.org was created by the Chair for Network and Data Security at Ruhr University Bochum, Germany [http://www.ruhr-uni-bochum.de]. Re­se­arch and de­ve­lop­ment at the Chair for Net­work and Data Se­cu­ri­ty con­cen­tra­tes on cryp­to­gra­phic pro­to­cols, In­ter­net se­cu­ri­ty and XML se­cu­ri­ty.


== Getting started ==
 
* [http://www.mediawiki.org/wiki/Manual:Configuration_settings Configuration settings list]
SSO-Attacks.org aims at delivering the most comprehensive enumeration of all known single sign-on (SSO) attacks. All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint, you can choose to have attacks listed by one of the following categories:
* [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ]
*[[:Category:Attack_Categorisation_By_Attacker_Model|Attack Categorisation by attacker model]]<br>
* [https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce MediaWiki release mailing list]
*[[:Category:Attack_Categorisation_By_Attack_on_IdP/_SP|Attack Categorisation by attack on IdP/SP]]<br>
*[[:Category:Attack_Categorisation_By_Violated_Security_Objective|Attack Categorisation by violated security objective]] <br>
*[[:Category:Attack_Categorisation_By_Attacked_Single_Sign-On_Component|Attack Categorisation by attacked Single Sign-On component]]<br>
*[[:Category:Attack_Categorisation_By_Attack_Spreading|Attack Categorisation by attack spreading]]<br>
*[[:Category:Attack_Categorisation_By_Attack_on_SAML|Attack Categorisation by attack on SAML]]<br>
 
 
Alternatively, you can browse through the entire list of attacks (sorted by violated security objective):
 
 
Attacks primarily violating the security objective '''"Access Control"'''
*[[:Certificate_Faking]]
*[[:Replay_Attack]]
*[[:Signature_Exclusion_Attack]]
*[[:XML_Signature_Wrapping]]
 
Attacks primarily violating the security objective '''"Availability"'''
*[[:Token_Recipient_Confusion]]
 
Attacks primarily violating the security objective '''"Confidentiality"'''
*[[:Token_Recipient_Confusion]]
*[[:XML_External_Entity_Attack]]
*[[:XSLT_Attack]]
 
Attacks primarily violating the security objective '''"Integrity"'''
*[[:Token_Recipient_Confusion]]
 
 
 
If you have any questions or comments feel free to contact us!
[https://www.nds.ruhr-uni-bochum.de]

Revision as of 17:49, 26 January 2016

Welcome to SSO-Attacks

SSO-Attacks.org was created by the Chair for Network and Data Security at Ruhr University Bochum, Germany [1]. Re­se­arch and de­ve­lop­ment at the Chair for Net­work and Data Se­cu­ri­ty con­cen­tra­tes on cryp­to­gra­phic pro­to­cols, In­ter­net se­cu­ri­ty and XML se­cu­ri­ty.


SSO-Attacks.org aims at delivering the most comprehensive enumeration of all known single sign-on (SSO) attacks. All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint, you can choose to have attacks listed by one of the following categories:


Alternatively, you can browse through the entire list of attacks (sorted by violated security objective):


Attacks primarily violating the security objective "Access Control"

Attacks primarily violating the security objective "Availability"

Attacks primarily violating the security objective "Confidentiality"

Attacks primarily violating the security objective "Integrity"


If you have any questions or comments feel free to contact us! [2]