Supervision: Christian Mainka, Vladislav Mladenov
Start date: immediately
More details:
The main goal of this project is the documentation and security evaluation of real-world Single Sign-On (SSO) logins.
The project consists of three parts:
- Artifact Database: The supervisors will provide a comprehensive list of websites that use Single Sign-On for authentication. The goal is to record a complete HTTP trace of the login communication for each website and to export it in the HTTP Archive (HAR) format.
- Flow Analysis: The supervisors will provide a tool for automated analysis of the authentication flow. The results of the analysis need to be systematized and presented in a human-readable form.
- Security Evaluation: A selection of these websites will be evaluated manually for CSRF vulnerabilities in the SSO login. The findings will be documented and reported to the affected websites.
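The three parts fit together as a pipeline: HAR traces go in, the login flow is reconstructed, and each reconstructed login is checked for a CSRF weakness. The following script is an added illustration of that pipeline and is not the supervisors' tool or any code from the project. It assumes OAuth 2.0/OpenID Connect style logins (authorization request with `response_type`, `client_id` and `redirect_uri`, then a callback to the `redirect_uri`), and it checks the classic login-CSRF indicator: whether the service provider binds the login to the browser session with a `state` value that the identity provider echoes back (RFC 6749, section 10.12). The HAR content, host names and parameter values are constructed for the example.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample HAR trace (not a real capture). Two logins are recorded:
#   1. sp.example starts an OAuth login WITHOUT a state parameter.
#   2. shop.example starts a login WITH a state parameter that the IdP echoes back.
# Only the HAR fields this script reads are included.
AUTHZ_NO_STATE = ("https://idp.example/authorize?response_type=code&client_id=sp123"
                  "&redirect_uri=https%3A%2F%2Fsp.example%2Fcallback&scope=openid")
AUTHZ_STATE = ("https://idp.example/authorize?response_type=code&client_id=shop77"
               "&redirect_uri=https%3A%2F%2Fshop.example%2Fcallback&scope=openid&state=a1b2c3")

def _entry(method, url, status, location=None):
    headers = [{"name": "Location", "value": location}] if location else []
    return {"request": {"method": method, "url": url, "headers": []},
            "response": {"status": status, "headers": headers}}

SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    _entry("GET", "https://sp.example/login", 302, AUTHZ_NO_STATE),
    _entry("GET", AUTHZ_NO_STATE, 302, "https://sp.example/callback?code=AUTHCODE1"),
    _entry("GET", "https://sp.example/callback?code=AUTHCODE1", 200),
    _entry("GET", "https://shop.example/login", 302, AUTHZ_STATE),
    _entry("GET", AUTHZ_STATE, 302, "https://shop.example/callback?code=AUTHCODE2&state=a1b2c3"),
    _entry("GET", "https://shop.example/callback?code=AUTHCODE2&state=a1b2c3", 200),
]}})


def load_entries(har_text):
    """Flatten a HAR log into the fields the flow analysis needs, in capture order."""
    entries = []
    for e in json.loads(har_text)["log"]["entries"]:
        resp_headers = {h["name"].lower(): h["value"] for h in e["response"].get("headers", [])}
        entries.append({"method": e["request"]["method"], "url": e["request"]["url"],
                        "status": e["response"]["status"], "location": resp_headers.get("location")})
    return entries


def query(url):
    """Query string as a dict; first value wins for repeated keys."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def is_authorization_request(url):
    q = query(url)
    return {"response_type", "client_id", "redirect_uri"} <= q.keys()


def extract_logins(entries):
    """Pair every authorization request with the first later request to its redirect_uri."""
    logins = []
    for i, e in enumerate(entries):
        if e["method"] != "GET" or not is_authorization_request(e["url"]):
            continue
        q = query(e["url"])
        redirect_uri = q["redirect_uri"]
        callback = next((c for c in entries[i + 1:]
                         if c["url"].split("?", 1)[0] == redirect_uri), None)
        logins.append({"sp": urlsplit(redirect_uri).netloc, "idp": urlsplit(e["url"]).netloc,
                       "auth_params": q,
                       "callback_params": query(callback["url"]) if callback else None})
    return logins


def check_state_binding(login):
    """CSRF indicator: the SP must send a state value and the callback must carry it back,
    otherwise an attacker can complete the login with their own code/identity in the
    victim's browser. A trace can only show that state is present and echoed; whether
    the SP actually verifies it must still be confirmed manually."""
    sent = login["auth_params"].get("state")
    if not sent:
        return "MISSING_STATE"
    if login["callback_params"] is None:
        return "NO_CALLBACK_CAPTURED"
    if login["callback_params"].get("state") != sent:
        return "STATE_NOT_ECHOED"
    return "STATE_PRESENT"


def evaluate(har_text):
    """One (service provider, verdict) pair per login found in the trace."""
    return [(l["sp"], check_state_binding(l)) for l in extract_logins(load_entries(har_text))]


if __name__ == "__main__":
    for sp, verdict in evaluate(SAMPLE_HAR):
        print(f"{sp}: {verdict}")
```

A `STATE_PRESENT` verdict is a necessary, not a sufficient, condition: the trace cannot reveal whether the service provider compares the echoed value against the session, so the manual evaluation step should replay the callback with a modified or foreign `state` and observe whether the login is rejected. Logins that use SAML or a proprietary redirect scheme are not matched by `is_authorization_request` and need their own extractor.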
Requirements:
- Good skills in web security
- Experience with Burp Suite or OWASP ZAP