The SAML Ramble (Ep. 46) скачать в хорошем качестве

The SAML Ramble (Ep. 46)

Episode 46: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is deep diving the topic of SAML (Security Assertion Markup Language), and walks through what it is and why it can be intimidating, before going over some key attack vectors to look for. Then he closes out with a commentary on a sample payload, and some HackerOne reports. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater & Teknogeek on twitter:   / 0xteknogeek     / rhynorater   ====== Ways to Support CTBBPodcast ====== Sign up for Caido using the referral code CTBBPODCAST for a 10% discount. KazHACKstan https://kazhackstan.com/en Testing SAML security with DAST https://agrrrdog.blogspot.com/2023/01... How to break SAML if I have paws? https://speakerdeck.com/greendog/how-... How to Hunt Bugs in SAML; a Methodology https://epi052.gitlab.io/notes-to-sel... SAML Raider https://portswigger.net/bappstore/c61... External Entity Injection during XML signature verification https://bugs.chromium.org/p/project-z... mTLS: When certificate authentication is done wrong https://github.blog/2023-08-17-mtls-w... HackerOne Uber Report https://hackerone.com/reports/136169 Timestamps: (00:00:00) Introduction (00:05:25) Understanding SAML and its complexities (00:08:30) SAML Attack Vectors (00:14:15) XML Signature Wrapping (00:19:50) Some SAML tests to try (00:30:30) Sample Payload description (00:34:10) Token Recipient confusion (00:36:05) HackerOne Reports