Single Sign-On Security: OAuth and OpenID Connect
In this interactive training, you will learn the security best practices for the single sign-on systems OAuth and OpenID Connect.
- Understand how attackers steal tokens and the resulting risks.
- Apply the appropriate protocol variants of OAuth and OpenID Connect to best protect your users.
- Protect your single sign-on systems against unauthorized access and data theft.
- Convince your customers with state-of-the-art security technologies such as Proof Key for Code Exchange (PKCE), mTLS and DPoP.
Certificate of Attendance
Possible Training Contents
- Introduction to Single Sign-On
- OAuth and OpenID Connect Flows
- Code Flow / Implicit Flow / Hybrid Flow
- Generic Attacks on SSO Procedures
- XSS, Clickjacking, CSRF, Open/Covert Redirects
- OAuth- and OpenID Connect-specific Attacks
- ID Token: Details and Attacks
- Single-Phase Attacks
- ID Spoofing Attacks
- Signature Bypasses
- Cross-Phase Attacks
- Issuer Confusion
- Malicious Endpoint Attacks
- IdP Confusion
- Security Best Practices
- Native Apps
- Single-Page Applications (SPAs)
- Secure Token Bindings
- Mutual TLS
This training is intended for everyone who wants to build and maintain secure single sign-on systems using OAuth or OpenID Connect.
This course is helpful for, among others:
- Identity management administrators
- Identity provider and client developers
- Penetration testers and security researchers
To participate, you will need a computer, as well as virtualization software for working on the interactive exercises. We recommend VirtualBox.
Customized training options for you or your team.
Team online training
(at least 5 participants)
On-site training at your company
On-site training at Hackmanit
Whether a fixed date, team online training or on-site training, we adapt to your wishes. Contact the person responsible for the desired training to receive an individual and non-binding offer. Send the registration form or the individual booking request by email to Dr. Christian Mainka:
| Next Online Training Course | Registration Deadline |
|---|---|
| 06.04. - 07.04.2022, Wed.-Thu., from 9:00 to 17:00, 1.290€ plus VAT (per person) | Wednesday, 23.03.2022 |
Note: We reserve the right to cancel the training if there are fewer than 5 participants. A possible cancellation will be communicated at least one week before the training date.
Your Contact for This Training
Dr. Christian Mainka
* All prices excl. VAT