Good combination between lectures and practical tasks performed both alone, with support and live by the lecturers.

Review of a participant

The topic was well dealt with, and I was able to evaluate afterwards what is still missing in our app to make it secure. Great training!

Review of a participant

Sympathetic lecturers, impeccably presented and explained. Very knowledgeable in the subject. Especially good [...] was that suggestions were actively addressed. ...

Review of a participant

Single Sign-On Security:
OAuth and OpenID Connect

Your Benefits

In this interactive training, you will learn the security best practices for the single sign-on systems OAuth and OpenID Connect.

  • Understand how attackers steal tokens and the resulting risks.
  • Apply the suitable protocol variants of OAuth and OpenID Connect to optimally protect your users.
  • Protect your single sign-on systems against unauthorized access and data theft.
  • Convince your customers with state-of-the-art security technologies such as Proof Key for Code Exchange (PKCE), mTLS and DPoP.

 

Possible Training Contents

We work with you to select the specific topics in advance in order to provide your team with the greatest possible benefit.

  • Introduction to Single Sign-On
    • OAuth and OpenID Connect Flows
    • Code Flow / Implicit Flow / Hybrid Flow

  • Generic Attacks on SSO Procedures
    • XSS, Clickjacking, CSRF, Open/Covert Redirects
    • OAuth- and OpenID Connect-specific Attacks
    • ID Token: Details and Attacks

  • Single-Phase Attacks
    • ID Spoofing Attacks
    • Signature Bypasses

  • Cross-Phase Attacks
    • Issuer Confusion
    • Malicious Endpoint Attacks
    • IdP Confusion / Mix-Up

  • Security Best Practices
    • PKCE
    • Native Apps
    • Single-Page-Applications (SPAs)

  • Secure Token Bindings
    • Mutual TLS
    • DPoP

 

Target Audience

This training is intended for everyone who wants to build and maintain secure single sign-on systems using OAuth or OpenID Connect.

This course is helpful for, among others:

  • Identity management administrators
  • Identity provider and client developers
  • Penetration testers and security researchers

To participate, you will need a computer and a remote desktop client (RDP) to complete the interactive exercises.

Training Days

The training runs for 2 days, from 9:00 to 17:00 each day (8 hours per day, including breaks).

 

Hands-On

Learn important approaches with our practical component that will give you a deep understanding of the methods used by hackers and defenders.

 

Certificate of Attendance

After completing the training, you will receive a personalized digital certificate from us.

 

Your Investment

1.290€ excl. VAT per person.

 

 

Booking Options

Customized training options for you or your team.

Whether fixed date, team online training or classroom training, we adapt to your wishes.
Contact us for the training you require to receive an individual and non-binding offer.

Send the registration form or your individual booking request directly to Dr. Christian Mainka:

 


Fixed Dates - Perfect for Individual Participants.

Take part in one of our fixed annual dates.
(See also table below > Next Online Training Course)

 


Team Online Training

Book an online IT security training course on an individual date.
(at least 5 participants)

 


On-Site Training at Your Company

On request, we will come to you and arrange an individual date for you and your team.

 


On-Site Training at Hackmanit

We provide the training facilities on site in Bochum, on a date of your choice.

 

 

Next Online Training Course

MAY
16.05. - 17.05.2024  |  Thu. - Fri.  |  from 9:00 to 17:00  |  1.290€ plus VAT (per person)  |  GERMAN  |  Registration deadline: Monday, 13.05.2024

SEPTEMBER
18.09. - 19.09.2024  |  Wed. - Thu.  |  from 9:00 to 17:00  |  1.290€ plus VAT (per person)  |  GERMAN  |  Registration deadline: Wednesday, 04.09.2024




Note:
We reserve the right to cancel the training if there are fewer than 5 participants. Any cancellation will be communicated at least one week before the training date.

 

 

Dr. Christian Mainka

Your Contact for This IT Security Training

Dr. Christian Mainka | Department Single Sign-On
christian.mainka@hackmanit.de

* All prices excl. VAT