Single Sign-On Security: OAuth and OpenID Connect
Your Benefits
In this interactive training, you will learn the security best practices for the single sign-on systems OAuth and OpenID Connect.
- Understand how attackers steal tokens and the resulting risks.
- Apply the suitable OAuth and OpenID Connect protocol variants to protect your users as well as possible.
- Protect your single sign-on systems against unauthorized access and data theft.
- Convince your customers with state-of-the-art security technologies such as Proof Key for Code Exchange (PKCE), mTLS and DPoP.
- 2 Days
- Hands-On
- Certificate of Attendance
- 1.290 €*
Possible Training Contents
- Introduction to Single Sign-On
- OAuth and OpenID Connect Flows
  - Code Flow / Implicit Flow / Hybrid Flow
- Generic Attacks on SSO Procedures
  - XSS, Clickjacking, CSRF, Open/Covert Redirects
- OAuth- and OpenID Connect-specific Attacks
  - ID Token: Details and Attacks
  - Single-Phase Attacks
    - ID Spoofing Attacks
    - Signature Bypasses
  - Cross-Phase Attacks
    - Issuer Confusion
    - Malicious Endpoint Attacks
    - IdP Confusion / Mix-Up
- Security Best Practices
  - PKCE
    - Native Apps
    - Single-Page Applications (SPAs)
  - Secure Token Bindings
    - Mutual TLS
    - DPoP
Target Audience
This training is intended for everyone who wants to build and maintain secure single sign-on systems using OAuth or OpenID Connect.
This course is helpful for, among others:
- Identity management administrators
- Identity provider and client developers
- Penetration testers and security researchers
To participate, you will need a computer, as well as virtualization software for working on the interactive exercises. We recommend VirtualBox.
Booking Options
Customized training options for you or your team.
- Fixed Date
- Team online training (at least 5 participants)
- On-site training at your company
- On-site training at Hackmanit
Whether a fixed date, team online training or on-site training, we adapt to your wishes. Contact the person responsible for the desired training to receive an individual and non-binding offer. Send the registration form or the individual booking request by email to Dr. Christian Mainka:
Note: We reserve the right to cancel the training if there are fewer than 5 participants. A possible cancellation will be communicated at least one week before the training date.

Your Contact for This Training
Karsten Meyer zu Selhausen
karsten.meyerzuselhausen@hackmanit.de
* All prices excl. VAT