Authentication / Authorization Badge

145 Completed
46 Videos
21 Exercises

OAuth2: Authorization Server CSRF (Easy)

  • This exercise covers the exploitation of a CSRF in the Authorization server
  • 2 videos
  • Completed by 960 students
  • Takes 1-2 Hrs. on average
  • Ruby on Rails
  • CWE-352

SAML: Introduction (Easy)

  • This exercise covers the exploitation of a signature stripping vulnerability in SAML
  • 3 videos
  • Completed by 2274 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

SAML: Comment Injection (Easy)

  • This exercise covers the exploitation of a comment injection vulnerability in SAML
  • 2 videos
  • Completed by 1289 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

SAML: Signature Stripping (Easy)

  • This exercise covers the exploitation of a signature stripping vulnerability in SAML
  • 3 videos
  • Completed by 1660 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

OAuth2: Client CSRF (Medium)

  • This exercise covers the exploitation of a CSRF in the OAuth2 Client
  • 2 videos
  • Completed by 827 students
  • Takes < 1 Hr. on average
  • Ruby on Rails
  • CWE-352

OAuth2: Client CSRF II (Medium)

  • This exercise covers the exploitation of a CSRF in the OAuth2 Client
  • 2 videos
  • Completed by 411 students
  • Takes 2-4 Hrs. on average
  • Ruby on Rails
  • CWE-352

SAML: Known Key (Medium)

  • This exercise covers the exploitation of a known key in SAML
  • 3 videos
  • Completed by 409 students
  • Takes 1-2 Hrs. on average
  • Ruby on Rails

SAML: Trusted Embedded Key (Medium)

  • This exercise covers the exploitation of a Service Provider (SP) that trusts the certificate embedded in the SAMLResponse without checking it against the Identity Provider's known key
  • 2 videos
  • Completed by 395 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

SAML: SAMLResponse forwarding (Medium)

  • This exercise covers how a SAMLResponse issued for one Service Provider can be replayed against another Service Provider
  • 1 video
  • Completed by 370 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

OAuth2: State Fixation (Medium)

  • This exercise covers the exploitation of a state fixation in the OAuth2 Client
  • 2 videos
  • Completed by 311 students
  • Takes 1-2 Hrs. on average
  • Ruby on Rails

SAML: Comment Injection II (Medium)

  • This exercise covers the exploitation of a comment injection vulnerability in SAML
  • 3 videos
  • Completed by 427 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

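The comment injection behind the two SAML Comment Injection exercises above, shown as an added example that is not code from the exercises or from the course: an XML comment placed inside a NameID splits it into two text nodes, and a Service Provider that reads only the first text node authenticates the wrong user. The two assertion fragments, the namespace constant and the function names are constructed for this demonstration; signature handling is left out, and the claim relied on is that XML canonicalization without comments discards the comment before the digest is computed, so the signature stays valid either way.

```ruby
require 'rexml/document'

# Added example, not code from the course exercises. Both assertion fragments
# below are constructed for the demonstration and are not real SAML messages.
SAML_NS = { 'saml' => 'urn:oasis:names:tc:SAML:2.0:assertion' }.freeze

# What the IdP normally issues for the user registered as victim@example.com.
CLEAN_ASSERTION = <<~XML
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:Subject>
      <saml:NameID>victim@example.com</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
XML

# What the IdP issues for an attacker who registered the username
# "victim@example.com<!-- -->.attacker.example" (a mailbox the attacker
# controls). Canonicalization without comments strips the comment before the
# digest is computed, so the IdP's signature is valid with or without it; only
# the SP's text extraction decides who ends up logged in.
INJECTED_ASSERTION = <<~XML
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:Subject>
      <saml:NameID>victim@example.com<!-- -->.attacker.example</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
XML

def name_id_node(xml)
  doc = REXML::Document.new(xml)
  REXML::XPath.first(doc, '//saml:Subject/saml:NameID', SAML_NS)
end

# VULNERABLE: REXML's Element#text returns only the first text node, so the
# comment splits the NameID and the SP sees the victim's identity.
def naive_name_id(xml)
  node = name_id_node(xml)
  node && node.text
end

# The identity the IdP actually asserted: every text node joined together.
def full_name_id(xml)
  node = name_id_node(xml)
  node && node.texts.map(&:value).join
end

# HARDENED: a NameID containing anything other than plain character data
# (a comment, a nested element) is rejected outright instead of being
# reinterpreted; the join is kept for the legitimate single-node case.
def hardened_name_id(xml)
  node = name_id_node(xml)
  return nil if node.nil?
  return nil unless node.children.all? { |child| child.is_a?(REXML::Text) }
  node.texts.map(&:value).join
end

if __FILE__ == $PROGRAM_NAME
  puts "naive:    #{naive_name_id(INJECTED_ASSERTION)}"
  puts "full:     #{full_name_id(INJECTED_ASSERTION)}"
  puts "hardened: #{hardened_name_id(INJECTED_ASSERTION).inspect}"
end
```

Rejecting rather than joining is the safer default for an SP: a legitimate IdP never emits comments inside a NameID, so their presence is evidence of tampering, and joining would still hand the attacker a way to probe which extraction the SP uses.
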
OAuth2: Authorization Server XSS (Medium)

  • This exercise covers the exploitation of an XSS in the Authorization Server
  • 2 videos
  • Completed by 267 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

OAuth2: Authorization Server OpenRedirect (Medium)

  • This exercise covers the exploitation of an open redirect in the Authorization Server
  • 3 videos
  • Completed by 841 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

OAuth2: Client OpenRedirect (Medium)

  • This exercise covers the exploitation of an open redirect in the OAuth2 Client
  • 2 videos
  • Completed by 727 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

OAuth2: GitHub HTTP HEAD (Hard)

  • This exercise covers the exploitation of the HTTP HEAD issue that affected GitHub in 2019
  • 2 videos
  • Completed by 394 students
  • Takes 1-2 Hrs. on average
  • Ruby on Rails

OAuth2: Client Server XSS (Hard)

  • This exercise covers the exploitation of a Cross-Site Scripting in the OAuth2 Client Server
  • 2 videos
  • Completed by 298 students
  • Takes 1-2 Hrs. on average
  • Ruby on Rails

OAuth2: Predictable State (Hard)

  • This exercise covers the exploitation of predictable state in the OAuth2 Client
  • 2 videos
  • Completed by 235 students
  • Takes 2-4 Hrs. on average
  • Ruby on Rails

OAuth2: Predictable State II (Hard)

  • This exercise covers the exploitation of predictable state in the OAuth2 Client
  • 2 videos
  • Completed by 217 students
  • Takes 1-2 Hrs. on average
  • Ruby on Rails

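The three OAuth2 client-side weaknesses listed above (Client CSRF, State Fixation and Predictable State) all come down to how the client handles the "state" parameter. The following is an added example, not code from the exercises or from the course: a minimal OAuth2 client written in plain Ruby, with the vulnerable callback and state handling beside a hardened version. The session is a plain Hash standing in for a Rails session, and the authorization server URL, client id and redirect URI are made up.

```ruby
require 'securerandom'
require 'uri'

# Added example, not code from the course exercises. `session` is a plain Hash
# standing in for a Rails session; all identifiers below are made up.

# VULNERABLE (Client CSRF, CWE-352): the callback never ties the returned
# state to the session. An attacker starts an authorization flow with their
# own provider account, captures the resulting code, and drives the victim's
# browser to /callback?code=ATTACKER_CODE&state=anything, linking the
# attacker's provider account to the victim's session.
def vulnerable_callback(_session, params)
  { linked_code: params['code'] }
end

# VULNERABLE (State Fixation / Predictable State): the state is either taken
# from a request parameter the attacker controls or derived from a guessable
# value, so the attacker knows it in advance and the later check is useless.
def fixated_state(session, params)
  session[:oauth_state] = params['state'] || Time.now.to_i.to_s
end

# HARDENED: the client mints the state itself from the CSPRNG and stores it in
# the session before redirecting to the authorization server.
def issue_state(session)
  state = SecureRandom.hex(16) # 128 bits; neither guessable nor chosen by a request
  session[:oauth_state] = state
  state
end

def authorization_url(session, auth_base:, client_id:, redirect_uri:)
  query = URI.encode_www_form(
    response_type: 'code',
    client_id: client_id,
    redirect_uri: redirect_uri,
    state: issue_state(session)
  )
  "#{auth_base}?#{query}"
end

# Length-guarded constant-time comparison so the check does not leak the
# expected value through timing.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# HARDENED callback: the state is single-use (removed from the session before
# the comparison, so a replay fails) and must match what this session issued.
def secure_callback(session, params)
  expected = session.delete(:oauth_state)
  returned = params['state'].to_s
  return { error: 'missing_state' } if expected.nil? || returned.empty?
  return { error: 'state_mismatch' } unless constant_time_equal?(expected, returned)
  { linked_code: params['code'] }
end

if __FILE__ == $PROGRAM_NAME
  session = {}
  puts authorization_url(session, auth_base: 'https://auth.example/authorize',
                         client_id: 'demo-client',
                         redirect_uri: 'https://client.example/callback')
  p secure_callback(session, 'code' => 'c1', 'state' => 'forged')
end
```

The hardened path only holds if the state is generated server-side per login attempt: the fixated_state variant shows that once an attacker can choose or predict the value, the comparison in secure_callback passes for them as well.
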
SAML: Signature Wrapping (Hard)

  • This exercise covers how XML Signature Wrapping can be used to authenticate as arbitrary users
  • 2 videos
  • Completed by 411 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

SAML: Signature Wrapping II (Hard)

  • This exercise covers how XML Signature Wrapping can be used to authenticate as arbitrary users
  • 2 videos
  • Completed by 321 students
  • Takes < 1 Hr. on average
  • Ruby on Rails

OAuth2: Authorization Server XSS II (Hard)

  • This exercise covers the exploitation of an XSS in the Authorization Server
  • 2 videos
  • Completed by 210 students
  • Takes < 1 Hr. on average
  • Ruby on Rails