Single Sign-On Security: OAuth and OpenID Connect
In this interactive training, you will learn security best practices for single sign-on systems based on OAuth and OpenID Connect.
- Understand how attackers steal tokens and the resulting risks.
- Apply the suitable protocol variants of OAuth and OpenID Connect for optimally protecting your users.
- Protect your single sign-on systems against unauthorized access and data theft.
- Convince your customers with state-of-the-art security technologies such as Proof Key for Code Exchange (PKCE), mTLS and DPoP.
Certificate of Attendance
Possible Training Contents
- Introduction to Single Sign-On
- OAuth and OpenID Connect Flows
  - Code Flow / Implicit Flow / Hybrid Flow
- Generic Attacks on SSO Procedures
  - XSS, Clickjacking, CSRF, Open/Covert Redirects
- OAuth- and OpenID Connect-specific Attacks
  - ID Token: Details and Attacks
  - Single-Phase Attacks
    - ID Spoofing Attacks
    - Signature Bypasses
  - Cross-Phase Attacks
    - Issuer Confusion
    - Malicious Endpoint Attacks
    - IdP Confusion / Mix-Up
- Security Best Practices
  - Native Apps
  - Single-Page Applications (SPAs)
  - Secure Token Bindings
  - Mutual TLS
This training is intended for everyone who wants to build and maintain secure single sign-on systems using OAuth or OpenID Connect.
This course is helpful for, among others:
- Identity management administrators
- Identity provider and client developers
- Penetration testers and security researchers
To participate, you will need a computer, as well as virtualization software for working on the interactive exercises. We recommend VirtualBox.
Customized training options for you or your team.
Team online training
(at least 5 participants)
On-site training at your company
On-site training at Hackmanit
Whether a fixed date, team online training or on-site training, we adapt to your wishes. Contact the person responsible for the desired training to receive an individual and non-binding offer. Send the registration form or the individual booking request by email to Dr. Christian Mainka:
| Next Online Training Course | Days | Time | Price | Language | Registration Deadline |
|---|---|---|---|---|---|
| 21.02. - 22.02.2024 | Wed. - Thu. | 9:00 to 17:00 | 1,290 € plus VAT (per person) | GERMAN | Wednesday, 07.02.2024 |
| 18.09. - 19.09.2024 | Wed. - Thu. | 9:00 to 17:00 | 1,290 € plus VAT (per person) | GERMAN | Wednesday, 04.09.2024 |
Note: We reserve the right to cancel the training if there are fewer than 5 participants. A cancellation will be communicated at least one week before the training date.
Your Contact for This Training
Karsten Meyer zu Selhausen
* All prices excl. VAT