Authors: Emanuel Duss, Roland Bischofberger
Date & time: Thurs. 3 nov - 11:45 to 12:30
The Security Assertion Markup Language (SAML) provides a framework for cross-domain single sign-on in the enterprise field ... with a single point of failure; what if you could break it? In this talk we will first discuss the benefits of SAML by presenting two showcases of Swiss institutions that heavily rely on this technology. Then, we'll turn to the risks by reviewing previous attacks on SAML and a new one we call X509 certificate tampering. We will also present SAML Raider, a tool developed at Compass Security that automatically performs different kinds SAML attacks. This tool helped us disclose multiple flaws during penetration tests. Finally, we will perform a live demonstration of SAML Raider by targeting a vulnerable SAML instance in a test setup.
Biography: Emanuel Duss finished his BSc in IT at the Hochschule für Technik Rapperswil last summer. In his bachelor thesis, he analyzed SAML vulnerabilities and developed a Burp Suite Extension named SAML Raider for pentesting SAML service providers. As a term paper he researched vulnerabilities in XSLT implementations with regard to SSRF and gave a presentation at OWASP Switzerland about the results. He has been working as a security analyst at Compass Security since summer 2016.