Documentation and Security Evaluation of Real-Life Single Sign-On

Global

Supervision: Christian Mainka, Vladislav Mladenov

Start date: immediately

More details:

Description

The main goal of this project is the documentation and security evaluation of real-life Single Sign-On logins.

The project consists of three parts:

  • Artifact Database: A comprehensive list of websites that use Single Sign-On for authentication will be provided by the supervisors. The goal here is to record a complete HTTP trace of the communication for each website. The traces are exported in the HTTP Archive (HAR) format.
  • Flow Analysis: A tool for automated analysis of the authentication flow will be provided by the supervisors. The results of the analysis need to be systematized in a human-readable way.
  • Security Evaluation: A list of chosen websites will be evaluated manually against CSRF attacks. The results will be documented and reported to the affected websites.
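As an added illustration of how the three parts connect (not code from the project or the supervisors' tool), the following script reads a HAR export, reduces it to the ordered redirect steps of a login, and checks the one property most relevant to the CSRF evaluation: whether the authorization request carries a state value and whether the callback echoes it back unchanged. The HAR excerpt, the hostnames sp.example and idp.example, and the parameter names are constructed assumptions for the example.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed HAR excerpt (not a real trace): the service provider redirects the
# browser to the identity provider's authorization endpoint, which redirects back
# to the callback with a code. Only the fields the analysis needs are included.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://sp.example/login"},
     "response": {"status": 302}},
    {"request": {"url": "https://idp.example/authorize?response_type=code"
                        "&client_id=abc&redirect_uri=https%3A%2F%2Fsp.example%2Fcb"
                        "&state=xyz123"},
     "response": {"status": 302}},
    {"request": {"url": "https://sp.example/cb?code=AUTHCODE&state=xyz123"},
     "response": {"status": 200}},
]}})

def query(url):
    """Return the query parameters of a URL as {name: first_value}."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def extract_flow(har_text):
    """Reduce a HAR log to an ordered list of (host, path, query, status) steps."""
    steps = []
    for entry in json.loads(har_text)["log"]["entries"]:
        url = entry["request"]["url"]
        parts = urlsplit(url)
        steps.append((parts.netloc, parts.path, query(url), entry["response"]["status"]))
    return steps

def check_state_binding(har_text):
    """Find the authorization request (it carries response_type and client_id)
    and the callback that returns the code, then report whether a state value
    was sent and echoed back unchanged. A missing or unbound state is the
    classic login-CSRF condition an evaluator looks for."""
    steps = extract_flow(har_text)
    auth = next((q for _, _, q, _ in steps
                 if "response_type" in q and "client_id" in q), None)
    cb = next((q for _, _, q, _ in steps
               if "code" in q and "response_type" not in q), None)
    if auth is None or cb is None:
        return {"flow_found": False}
    sent = auth.get("state")
    return {"flow_found": True,
            "state_sent": sent is not None,
            "state_echoed": sent is not None and cb.get("state") == sent}
```

Running the check over a trace whose authorization request lacks the state parameter flips both state flags to false, which is the finding that would then be verified manually and reported to the site.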

Requirements

  • Good skills in web security
  • HTTP, JavaScript, and HTML
  • Burp Suite or OWASP ZAP