SAML for pentesters:
Part 1 - https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/
Part 2 - https://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/
Part 3 - https://epi052.gitlab.io/notes-to-self/blog/2019-03-16-how-to-test-saml-a-methodology-part-three/
Common attacks - https://blog.netspi.com/attacking-sso-common-saml-vulnerabilities-ways-find/
Case study - http://economyofmechanism.com/office365-authbypass.html
#SAML #BugBounty
Link preview (epi052.gitlab.io): How to Hunt Bugs in SAML; a Methodology - Part I
The first in a series of three posts about a methodology for hunting bugs in SAML. This post covers background information about SAML, laying the groundwork to understand SAML vulnerabilities and attacks.