Mistaken Identity: SAML and OAuth Security

Presented by: Wolfgang Goerlich

While everyone was focused on credentials, criminals quietly moved to exploiting mistakes in identity. You have a long and strong password? That’s sweet. You’re using all three types of multi-factor? That’s cute. It won’t matter when the adversaries compromise identity protocols after authentication. But at least you tried. The trouble is that protocols like Security Assertion Markup Language (SAML) and OpenID Connect (OIDC) are difficult to get right. Few security professionals get it right every time. Most of us get these protocols mostly working — misconfigurations be damned. This session provides an overview of common mistakes and a set of practices for protecting federated identity and single sign-on. Attendees will leave with a knot in their stomach and a list of things to check with their code.

Tags: Security

Level: Intermediate