The content and overall structure and organization were really very good. [...] The VM and the exercises are really very well done ...

Review by a participant

As a technical training one of the best if not the best in my career so far (10 years) ...

Review by a participant

The VM is awesome because of your own developments [...] I have taken much more with me than, for example, from training courses for certifications ...

Review by a participant

Single Sign-On Security: SAML

Your Benefits

In this interactive training, you will learn the security best practices for SAML-based single sign-on systems.

  • Understand how attackers steal SAML tokens and the resulting risks.
  • Take the right actions to protect your service and identity providers against cyber attacks.
  • Protect your SAML systems from unauthorized access and data theft by attackers.
  • Convince your customers with state-of-the-art security technologies such as Holder-of-Key (HoK).

 

Possible Training Contents

We work with you to select the specific topics in advance in order to provide your team with the greatest possible benefit.

  • Introduction
    • XML Parsing (DOM vs. SAX)
    • XML Schema
    • Extensible Stylesheet Language (XSLT)

  • Document Type Definition
    • XML (External) Entity Attacks
    • XML-specific Denial-of-Service Attacks

  • SAML-based Single Sign-On
    • XML Signature
    • Web Browser SSO Profile

  • Attacks on SAML Service Providers
    • Replay Attacks
    • Signature Exclusion
    • XML Signature Wrapping (XSW)
    • Certificate Faking and Injection Attacks
    • Covert Redirect Attacks

  • Attacks on SAML Identity Providers

  • SAML Secure Bindings

  • Apply the knowledge you have acquired to your own applications

 

Target Audience

This training is intended for people who want to build and maintain secure SAML systems.

This course is helpful for, among others:

  • Identity management administrators
  • Identity provider and client developers
  • Penetration testers and security researchers

To participate, you will need a computer and a remote desktop client (RDP) to complete the interactive exercises.

Training Days

The training is designed for 2 days, from 9:00 to 17:00, 8 hours each (including breaks).

 

Hands-On

Learn important approaches with our practical component that will give you a deep understanding of the methods used by hackers and defenders.

 

Certificate of Attendance

After completing the training, you will receive a personalized digital certificate from us.

 

Your Investment

1.290€ excl. VAT per person.

 


Booking Options

Customized training options for you or your team.

Whether fixed date, team online training or classroom training, we adapt to your wishes.
Contact us for the training you require to receive an individual and non-binding offer.

Send the registration form or your individual booking request directly to Dr. Christian Mainka:

 

Team Online Training

Book an online IT security training course on an individual date.
(at least 5 participants)

 

On-Site Training at Your Company

We will come to you on request and find an individual appointment for you and your team.

 

On-Site Training at Hackmanit

We provide the training facilities on site in Bochum, on the dates you request.


 

 

Dr. Christian Mainka

Your Contact for This IT Security Training

Dr. Christian Mainka | Department Single Sign-On
christian.mainka@hackmanit.de

* All prices excl. VAT