Hi there!
This is the fifth topic in this series. Have a look at the other topics as well to get a better idea of the series and its pattern.
Fifth Topic - Authentication and Authorisation
As I started exploring this topic in detail, I mostly focused on two widely used standards: SAML and OAuth 2.0.
SAML (Security Assertion Markup Language)
Resources
- https://duo.com/blog/the-beer-drinkers-guide-to-saml (Nice blog explaining SAML)
- https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf (Awesome whitepaper on various SAML attacks)
- https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/ (Nice blog series explaining the SAML flow and various attack vectors)
- https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf (Spec document on the different SAML profiles)
Tools
- https://github.com/PortSwigger/saml-raider (Burp Suite extension for SAML attacks)
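Added example, not code from the original post or from any of the tools listed above: the structural checks a service provider should run on a SAML Response before trusting anything in it, written in Python with only the standard library. The two documents are constructed by hand, the signature value is a placeholder, and the issuer and subject names are made up. The point shown is that a response carrying a second, unsigned Assertion in front of the signed one (the signature wrapping class of attack that SAML Raider can generate) must be rejected on structure alone, before any cryptography runs. These checks are a pre-filter: canonicalisation, digest and signature verification with an XML-security library still have to follow.

```python
import base64
import xml.etree.ElementTree as ET

# SAML 2.0 and XML Signature namespaces used by the checks below.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample Response (not captured from any real IdP). The signature
# value is a placeholder: this example checks structure, not cryptography.
BENIGN_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed wrapped variant: an unsigned Assertion with a different ID and
# NameID is inserted ahead of the original, whose signature is left intact.
WRAPPED_RESPONSE = BENIGN_RESPONSE.replace(
    '<saml:Assertion ID="_a1" Version="2.0">',
    '<saml:Assertion ID="_evil" Version="2.0">\n'
    '    <saml:Issuer>https://idp.example.test</saml:Issuer>\n'
    '    <saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject>\n'
    '  </saml:Assertion>\n'
    '  <saml:Assertion ID="_a1" Version="2.0">',
    1,
)


def decode_saml_response(form_value: str) -> str:
    """Decode the base64 SAMLResponse form parameter of the HTTP-POST binding."""
    return base64.b64decode(form_value).decode("utf-8")


def check_structure(xml_text: str) -> tuple[bool, str]:
    """Structural pre-checks before the signed content is trusted.

    Returns (ok, reason). Cryptographic verification of the signature is a
    separate, still mandatory step after this passes.
    """
    root = ET.fromstring(xml_text)

    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        return False, f"expected exactly one Assertion, found {len(assertions)}"
    assertion = assertions[0]

    # Every ID in the document must be unique, or a by-ID lookup can be redirected.
    ids = [el.get("ID") for el in root.iter() if el.get("ID") is not None]
    if len(ids) != len(set(ids)):
        return False, "duplicate ID attributes"

    signatures = root.findall(".//ds:Signature", NS)
    if len(signatures) != 1:
        return False, f"expected exactly one Signature, found {len(signatures)}"
    signature = signatures[0]

    refs = signature.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        return False, f"expected exactly one Reference, found {len(refs)}"
    uri = refs[0].get("URI", "")

    # The reference must point at the Response or at the single Assertion,
    # and the Signature must be a direct child of the element it covers.
    if uri == "#" + (root.get("ID") or ""):
        signed = root
    elif uri == "#" + (assertion.get("ID") or ""):
        signed = assertion
    else:
        return False, f"Reference {uri!r} covers neither the Response nor the Assertion"
    if not any(child is signature for child in signed):
        return False, "Signature is not a direct child of the element it references"

    return True, "structure OK; now verify the signature cryptographically"


def subject_name_id(xml_text: str) -> str:
    """Return the NameID of the single Assertion once the structural checks pass."""
    ok, reason = check_structure(xml_text)
    if not ok:
        raise ValueError(reason)
    root = ET.fromstring(xml_text)
    return root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS).text


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_RESPONSE), ("wrapped", WRAPPED_RESPONSE)):
        print(label, check_structure(doc))
```

Run as-is it prints a pass for the benign document and a rejection of the wrapped one because two Assertions are present. Feeding the same two documents through SAML Raider in Burp is the natural next step: the extension produces the other wrapping variants (signature moved, IDs duplicated), and each of them should trip one of the remaining checks above.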
OAuth 2.0
Resources
- https://portswigger.net/web-security/oauth (PortSwigger reference)
Labs
- https://portswigger.net/web-security/all-labs#oauth-authentication (PortSwigger labs)
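Added example, not code from the original post or from the PortSwigger material: the client side of the OAuth 2.0 authorization code grant in Python, standard library only. The authorization server, client ID and redirect URI are constructed names. It shows the three checks a client must get right: a per-login state value compared in constant time on the callback (the login-CSRF defence), an exact-match allow-list for redirect_uri (no prefix or host-only comparison), and PKCE with the S256 method from RFC 7636 so an intercepted code cannot be exchanged without the verifier. The known-answer value used in the comment is the test vector from RFC 7636 Appendix B.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode

# Constructed client registration (not a real application or server).
CLIENT_ID = "example-client"
REGISTERED_REDIRECT_URIS = {"https://client.example.test/callback"}
AUTHORIZE_ENDPOINT = "https://as.example.test/authorize"


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge for a code_verifier.

    RFC 7636 Appendix B: verifier dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
    gives challenge E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM.
    """
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def new_pkce_pair() -> tuple[str, str]:
    """Fresh (code_verifier, code_challenge); 32 random bytes -> 43-char verifier."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, pkce_challenge(verifier)


def redirect_uri_is_registered(uri: str) -> bool:
    """Exact string match only: no prefix, wildcard or host-only comparison."""
    return uri in REGISTERED_REDIRECT_URIS


def build_authorization_url(redirect_uri: str, state: str, code_challenge: str,
                            scope: str = "openid") -> str:
    """Authorization request the browser is sent to; state and challenge are per login."""
    if not redirect_uri_is_registered(redirect_uri):
        raise ValueError(f"redirect_uri not registered: {redirect_uri}")
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def handle_callback(query: str, expected_state: str) -> str:
    """Validate the redirect back to the client and return the authorization code.

    expected_state is the value stored in the user's session when the request
    was built; a mismatch means the code was not requested by this session.
    """
    params = parse_qs(query, strict_parsing=True)
    if "error" in params:
        raise ValueError(f"authorization server returned error: {params['error'][0]}")
    state = params.get("state", [None])[0]
    if state is None or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: possible login CSRF, discard this callback")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def token_request_params(code: str, redirect_uri: str, code_verifier: str) -> dict:
    """Body of the code-for-token exchange; the server recomputes the challenge."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,
    }


if __name__ == "__main__":
    # One login, end to end, with the authorization server's redirect simulated.
    state = b64url(secrets.token_bytes(16))
    verifier, challenge = new_pkce_pair()
    redirect_uri = "https://client.example.test/callback"
    print(build_authorization_url(redirect_uri, state, challenge))
    callback_query = urlencode({"code": "constructed-code", "state": state})
    code = handle_callback(callback_query, state)
    print(token_request_params(code, redirect_uri, verifier))
```

When testing a real client against the PortSwigger labs, the same three functions map onto the usual probes: drop or swap the state value and see whether the callback is still accepted, append a path or a lookalike host to redirect_uri and see whether the server still redirects, and omit code_verifier from the token request to confirm the server enforces the challenge it was given.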
Feel free to drop any suggestions via my social handles.
Thanks for reading!