Good combination between lectures and practical tasks performed both alone, with support and live by the lecturers.

Review of a participant

The topic was well dealt with, and I was able to evaluate afterwards what is still missing in our app to make it secure. Great training!

Review of a participant

Sympathetic lecturers, impeccably presented and explained. Very knowledgeable in the subject. Especially good [...] was that suggestions were actively addressed. ...

Review of a participant

Single Sign-On Security: OAuth and OpenID Connect

Your Benefits

In this interactive training, you will learn the security best practices for the single sign-on systems OAuth and OpenID Connect.

Understand how attackers steal tokens and the resulting risks.
Apply the suitable protocol variants of OAuth and OpenID Connect for optimally protecting your users.
Protect your single sign-on systems against unauthorized access and data theft.
Convince your customers with state-of-the-art security technologies such as Proof Key for Code Exchange (PKCE), mTLS and DPoP.

2 Days

Hands-On

hackmanit it security schulung team teilnahme zertifikat

Certificate of Attendance

1.290 €*

Possible Training Contents

Introduction to Single Sign-On
- OAuth and OpenID Connect Flows
- Code Flow / Implicit Flow / Hybrid Flow
Generic Attacks on SSO Procedures
- XSS, Clickjacking, CSRF, Open/Covert Redirects
- OAuth- and OpenID Connect-specific Attacks
- ID Token: Details and Attacks
Single-Phase Attacks
- ID Spoofing Attacks
- Signature Bypasses
Cross-Phase Attacks
- Issuer Confusion
- Malicious Endpoint Angriffe
- IdP Confusion / Mix-Up
Security Best Practices
- PKCE
- Native Apps
- Single-Page-Applications (SPAs)
Secure Token Bindings
- Mutual TLS
- DPoP

Target Audience

This training is intended for everyone who wants to build and maintain secure single sign-on systems using OAuth or OpenID Connect.

This course is helpful for, among others:

Identity management administrators
Identity provider and client developers
Penetration testers and security researchers

To participate, you will need a computer, as well as virtualization software for working on the interactive exercises. We recommend VirtualBox.

Booking Options

Customized training options for you or your team.

Fixed Date

hackmanit it security schulung team online

Team online training
(at least 5 participants)

hackmanit it security schulung präsenzschulung bei ihnen

On-site training at your company

hackmanit it security schulung präsenzschulung bei Hackmanit

On-site training at Hackmanit

Whether a fixed date, team online training or on-site training, we adapt to your wishes. Contact the person responsible for the desired training to receive an individual and non-binding offer. Send the registration form or the individual booking request by email to Dr. Christian Mainka:

Next Online Training Course	Registration Deadline
FEBRUARY
21.02. - 22.02.2024 \| Wed. - Thu. \| from 9:00 to 17:00 o’clock \| 1.290€ plus VAT (per person) \| GERMAN	Wednesday, 07.02.2024
SEPTEMBER
18.09. - 19.09.2024 \| Wed. - Thu. \| from 9:00 to 17:00 o’clock \| 1.290€ plus VAT (per person) \| GERMAN	Wednesday, 04.09.2024

Next Online Training Course

FEBRUARY
21.02. - 22.02.2024 (Wed.-Thu.) | from 9:00 to 17:00 o’clock | 1.290€ plus VAT (per person) | GERMAN | Registration Deadline: Wednesday, 07.02.2024

SEPTEMBER
18.09. - 19.09.2024 (Wed.-Thu.) | from 9:00 to 17:00 o’clock | 1.290€ plus VAT (per person) | GERMAN | Registration Deadline: Wednesday, 04.09.2024

Note: We reserve the right to cancel the training if there are less than 5 participants. A possible cancellation will be communicated at least one week before the training date.

Download | Example Slides
Download | Flyer
OAuth and OpenID Connect
Download | Registration Form

Your Contact for This Training

Karsten Meyer zu Selhausen
karsten.meyerzuselhausen@hackmanit.de

* All prices excl. VAT

Phone:	+49 (0)234 / 54459996

Fax:	+49 (0)234 / 54427593

E-Mail:	mail@hackmanit.de