Main Page: Difference between revisions
No edit summary |
No edit summary |
||
(10 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
= | =Welcome to SSO-Attacks= | ||
SSO-Attacks.org was created by the Chair for Network and Data Security at Ruhr University Bochum, Germany | SSO-Attacks.org was created by the Chair for Network and Data Security at Ruhr University Bochum, Germany [http://www.ruhr-uni-bochum.de]. Research and development at the Chair for Network and Data Security concentrates on cryptographic protocols, Internet security and XML security. | ||
SSO-Attacks.org aims at delivering the most comprehensive enumeration of all known single sign-on attacks. All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint, you can choose to have attacks listed by one of the following categories: | SSO-Attacks.org aims at delivering the most comprehensive enumeration of all known single sign-on (SSO) attacks. All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint, you can choose to have attacks listed by one of the following categories: | ||
*[[:Category:Attack_Categorisation_By_Attacker_Model|Attack Categorisation by attacker model]]<br> | |||
*[[:Category:Attack_Categorisation_By_Attack_on_IdP/_SP|Attack Categorisation by attack on IdP/SP]]<br> | |||
*[[:Category:Attack_Categorisation_By_Violated_Security_Objective|Attack Categorisation by violated security objective]] <br> | *[[:Category:Attack_Categorisation_By_Violated_Security_Objective|Attack Categorisation by violated security objective]] <br> | ||
*[[:Category: | *[[:Category:Attack_Categorisation_By_Attacked_Single_Sign-On_Component|Attack Categorisation by attacked Single Sign-On component]]<br> | ||
*[[:Category:Attack_Categorisation_By_Attack_Spreading|Attack Categorisation by attack spreading]]<br> | *[[:Category:Attack_Categorisation_By_Attack_Spreading|Attack Categorisation by attack spreading]]<br> | ||
*[[:Category:Attack_Categorisation_By_Attack_on_SAML|Attack Categorisation by attack on SAML]]<br> | *[[:Category:Attack_Categorisation_By_Attack_on_SAML|Attack Categorisation by attack on SAML]]<br> | ||
Line 18: | Line 18: | ||
Attacks primarily violating the security objective '''"Access Control"''' | Attacks primarily violating the security objective '''"Access Control"''' | ||
*[[:Certificate_Faking]] | *[[:Certificate_Faking]] | ||
*[[:Certificate Injection]] | |||
*[[:Replay_Attack]] | *[[:Replay_Attack]] | ||
*[[:Signature_Exclusion_Attack]] | *[[:Signature_Exclusion_Attack]] | ||
*[[:XML_Signature_Wrapping]] | *[[:XML_Signature_Wrapping]] | ||
Attacks primarily violating the security objective '''"Availability"''' | |||
*[[:Token_Recipient_Confusion]] | |||
Attacks primarily violating the security objective '''"Confidentiality"''' | Attacks primarily violating the security objective '''"Confidentiality"''' | ||
*[[:Token_Recipient_Confusion]] | |||
*[[:XML_External_Entity_Attack]] | *[[:XML_External_Entity_Attack]] | ||
*[[:XSLT_Attack]] | *[[:XSLT_Attack]] | ||
Attacks primarily violating the security objective '''"Integrity"''' | |||
*[[:Token_Recipient_Confusion]] | |||
If you have any questions or comments feel free to contact us! | If you have any questions or comments feel free to contact us! | ||
[https://www.nds.ruhr-uni-bochum.de] |
Latest revision as of 18:36, 2 February 2016
Welcome to SSO-Attacks
SSO-Attacks.org was created by the Chair for Network and Data Security at Ruhr University Bochum, Germany [1]. Research and development at the Chair for Network and Data Security concentrates on cryptographic protocols, Internet security and XML security.
SSO-Attacks.org aims at delivering the most comprehensive enumeration of all known single sign-on (SSO) attacks. All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint, you can choose to have attacks listed by one of the following categories:
- Attack Categorisation by attacker model
- Attack Categorisation by attack on IdP/SP
- Attack Categorisation by violated security objective
- Attack Categorisation by attacked Single Sign-On component
- Attack Categorisation by attack spreading
- Attack Categorisation by attack on SAML
Alternatively, you can browse through the entire list of attacks (sorted by violated security objective):
Attacks primarily violating the security objective "Access Control"
- Certificate_Faking
- Certificate Injection
- Replay_Attack
- Signature_Exclusion_Attack
- XML_Signature_Wrapping
Attacks primarily violating the security objective "Availability"
Attacks primarily violating the security objective "Confidentiality"
Attacks primarily violating the security objective "Integrity"
If you have any questions or comments feel free to contact us! [2]