Single Sign-On Security: OAuth and OpenID Connect
Your Benefits
In this interactive training, you will learn the security best practices for the single sign-on systems OAuth and OpenID Connect.
- Understand how attackers steal tokens and the resulting risks.
- Apply the suitable protocol variants of OAuth and OpenID Connect for optimally protecting your users.
- Protect your single sign-on systems against unauthorized access and data theft.
- Convince your customers with state-of-the-art security technologies such as Proof Key for Code Exchange (PKCE), mTLS and DPoP.
Possible Training Contents
We work with you to select the specific topics in advance in order to provide your team with the greatest possible benefit.
- Introduction to Single Sign-On
- OAuth and OpenID Connect Flows
- Code Flow / Implicit Flow / Hybrid Flow
- Generic Attacks on SSO Procedures
- XSS, Clickjacking, CSRF, Open/Covert Redirects
- OAuth- and OpenID Connect-specific Attacks
- ID Token: Details and Attacks
- Single-Phase Attacks
- ID Spoofing Attacks
- Signature Bypasses
- Cross-Phase Attacks
- Issuer Confusion
- Malicious Endpoint Attacks
- IdP Confusion / Mix-Up
- Security Best Practices
- PKCE
- Native Apps
- Single-Page Applications (SPAs)
- Secure Token Bindings
- Mutual TLS
- DPoP
Target Audience
This training is intended for everyone who wants to build and maintain secure single sign-on systems using OAuth or OpenID Connect.
This course is helpful for, among others:
- Identity management administrators
- Identity provider and client developers
- Penetration testers and security researchers
To participate, you will need a computer and a remote desktop client (RDP) to complete the interactive exercises.
Booking Options
Customized training options for you or your team.
Whether fixed date, team online training or classroom training, we adapt to your wishes.
Contact us for the training you require to receive an individual and non-binding offer.
Send the registration form or your individual booking request directly to Dr. Christian Mainka:
➤ Fixed Online Training Dates – Perfect for Individual Participants >>
Note: We reserve the right to cancel the training if there are fewer than 5 participants. A possible cancellation will be communicated at least one week before the training date.
Your Contact for This IT Security Training
Dr. Christian Mainka | Department Single Sign-On
christian.mainka@hackmanit.de
* All prices excl. VAT