Main Page: Difference between revisions
Line 2: | Line 2: | ||
SSO-Attacks.org was created by the Chair for Network and Data Security at Ruhr University Bochum, Germany [[http://www.ruhr-uni-bochum.de]]. Research and development at the Chair for Network and Data Security concentrates on cryptographic protocols, Internet security and XML security. | SSO-Attacks.org was created by the Chair for Network and Data Security at Ruhr University Bochum, Germany [[http://www.ruhr-uni-bochum.de]]. Research and development at the Chair for Network and Data Security concentrates on cryptographic protocols, Internet security and XML security. | ||
SSO-Attacks.org aims at delivering the most comprehensive enumeration of all known single sign-on attacks. All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint, you can choose to have attacks listed by one of the following categories: | SSO-Attacks.org aims at delivering the most comprehensive enumeration of all known single sign-on attacks. All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint, you can choose to have attacks listed by one of the following categories: | ||
Line 12: | Line 13: | ||
Alternatively, you can browse through the entire list of attacks (sorted by violated security objective): | |||
Attacks primarily violating the security objective '''"Access Control"''' | Attacks primarily violating the security objective '''"Access Control"''' | ||
Line 21: | Line 22: | ||
*[[:XML_Signature_Wrapping]] | *[[:XML_Signature_Wrapping]] | ||
Attacks primarily violating the security objective "Confidentiality" | Attacks primarily violating the security objective '''"Confidentiality"''' | ||
*[[:XML_External_Entity_Attack]] | *[[:XML_External_Entity_Attack]] | ||
*[[:XSLT_Attack]] | *[[:XSLT_Attack]] |
Revision as of 16:15, 14 January 2016
Welcome to SSO-Attacks!
SSO-Attacks.org was created by the Chair for Network and Data Security at Ruhr University Bochum, Germany (http://www.ruhr-uni-bochum.de). Research and development at the Chair for Network and Data Security concentrates on cryptographic protocols, Internet security and XML security.
SSO-Attacks.org aims at delivering the most comprehensive enumeration of all known single sign-on attacks. All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint, you can choose to have attacks listed by one of the following categories:
- Attack Categorisation by violated security objective
- Attack Categorisation by attack on IdP/SP
- Attack Categorisation by attacked web service component
- Attack Categorisation by attack spreading
- Attack Categorisation by attacker model
- Attack Categorisation by attack on SAML
Alternatively, you can browse through the entire list of attacks (sorted by violated security objective):
Attacks primarily violating the security objective "Access Control"
Attacks primarily violating the security objective "Confidentiality"
If you have any questions or comments, feel free to contact us! [[2]]