Main Page

Welcome to SSO-Attacks!

SSO-Attacks.org was created by the Chair for Network and Data Security at Ruhr University Bochum, Germany.

All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint, you can choose to have attacks listed by one of the following categories:

• Attack Categorisation by violated security objective
  
• Attack Categorisation by attack on IdP/SP
  
• Attack Categorisation by attacked web service component
  
• Attack Categorisation by attack spreading
  
• Attack Categorisation by attacker model
  
• Attack Categorisation by attack on SAML
  

Alternatively, you can browse through the entire list of attacks (sorted by violated security objective):

Attacks primarily violating the security objective "Access Control"

• Certificate_Faking
• Replay_Attack
• Signature_Exclusion_Attack
• XML_Signature_Wrapping

Attacks primarily violating the security objective "Confidentiality"

• XML_External_Entity_Attack
• XSLT_Attack

If you have any questions or comments feel free to contact us!