Authentication / Authorization Badge

156 Completed
46 Videos
21 Exercises

Exercises

Easy
OAuth2: Authorization Server CSRF
  • This exercise covers the exploitation of a CSRF in the Authorization server
  • 2 videos
  • Completed by 989 students
  • Takes 1-2 Hrs. on average
  • Ruby-On-Rails
  • CWE-352

 

Easy
SAML: Introduction
  • This exercise covers the exploitation of a signature stripping vulnerability in SAML
  • 3 videos
  • Completed by 2338 students
  • Takes < 1 Hr. on average
  • RoR

 

Easy
SAML: Comment Injection
  • This exercise covers the exploitation of a comment injection vulnerability in SAML
  • 2 videos
  • Completed by 1337 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

 

Easy
SAML: Signature Stripping
  • This exercise covers the exploitation of a signature stripping vulnerability in SAML
  • 3 videos
  • Completed by 1708 students
  • Takes < 1 Hr. on average
  • RoR

 

Medium
OAuth2: Client CSRF
  • This exercise covers the exploitation of a CSRF in the OAuth2 Client
  • 2 videos
  • Completed by 858 students
  • Takes < 1 Hr. on average
  • Ruby-On-Rails
  • CWE-352

 

Medium
OAuth2: Client CSRF II
  • This exercise covers the exploitation of a CSRF in the OAuth2 Client
  • 2 videos
  • Completed by 426 students
  • Takes 2-4 Hrs. on average
  • Ruby-On-Rails
  • CWE-352

 

Medium
SAML: Known Key
  • This exercise covers the exploitation of a known key in SAML
  • 3 videos
  • Completed by 440 students
  • Takes 1-2 Hrs. on average
  • Ruby on Rails

 

Medium
SAML: Trusted Embedded Key
  • This exercise covers the exploitation of a service provider (SP) that doesn't check the certificate provided in the SAMLResponse
  • 2 videos
  • Completed by 423 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

 

Medium
SAML: SAMLResponse forwarding
  • This exercise covers how one can pass the SAMLResponse from one Service Provider to another Service Provider.
  • 1 video
  • Completed by 404 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

 

Medium
OAuth2: State Fixation
  • This exercise covers the exploitation of a state fixation in the OAuth2 Client
  • 2 videos
  • Completed by 330 students
  • Takes 1-2 Hrs. on average
  • Ruby-On-Rails

 

Medium
SAML: Comment Injection II
  • This exercise covers the exploitation of a comment injection vulnerability in SAML
  • 3 videos
  • Completed by 463 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

 

Medium
OAuth2: Authorization Server XSS
  • This exercise covers the exploitation of an XSS in the Authorization server
  • 2 videos
  • Completed by 289 students
  • Takes < 1 Hr. on average
  • Ruby-On-Rails

 

Medium
OAuth2: Authorization Server OpenRedirect
  • This exercise covers the exploitation of an OpenRedirect in the Authorization Server
  • 3 videos
  • Completed by 866 students
  • Takes < 1 Hr. on average
  • Ruby-On-Rails

 

Medium
OAuth2: Client OpenRedirect
  • This exercise covers the exploitation of an OpenRedirect in the OAuth2 Client
  • 2 videos
  • Completed by 753 students
  • Takes < 1 Hr. on average
  • Ruby-On-Rails

 

Hard
OAuth2: Github HTTP HEAD
  • This exercise covers the exploitation of the HTTP HEAD issue impacting GitHub in 2019
  • 2 videos
  • Completed by 405 students
  • Takes 1-2 Hrs. on average
  • Ruby-On-Rails

 

Hard
OAuth2: Client Server XSS
  • This exercise covers the exploitation of a Cross-Site Scripting in the OAuth2 Client Server
  • 2 videos
  • Completed by 314 students
  • Takes 1-2 Hrs. on average
  • Ruby-On-Rails

 

Hard
OAuth2: Predictable State
  • This exercise covers the exploitation of predictable state in the OAuth2 Client
  • 2 videos
  • Completed by 246 students
  • Takes 2-4 Hrs. on average
  • Ruby-On-Rails

 

Hard
OAuth2: Predictable State II
  • This exercise covers the exploitation of predictable state in the OAuth2 Client
  • 2 videos
  • Completed by 227 students
  • Takes 1-2 Hrs. on average
  • Ruby-On-Rails

 

Hard
SAML: Signature Wrapping
  • This exercise covers how one can use Signature Wrapping to become arbitrary users.
  • 2 videos
  • Completed by 440 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

 

Hard
SAML: Signature Wrapping II
  • This exercise covers how one can use Signature Wrapping to become arbitrary users.
  • 2 videos
  • Completed by 349 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

 

Hard
OAuth2: Authorization Server XSS II
  • This exercise covers the exploitation of an XSS in the Authorization server
  • 2 videos
  • Completed by 224 students
  • Takes < 1 Hr. on average
  • Ruby-On-Rails