Recent research on web security and related topics. Provided and maintained by members and friends of the Chair for Network and Data Security at the Ruhr University Bochum, Faculty of Electrical Engineering and Information Technology, Horst Görtz Institute for IT-Security.
Monday, November 16, 2015
Labels:
BrowserID,
Facebook Connect,
Microsoft Account,
OpenID,
OpenID Connect,
SAML,
Single Sign-On,
WS-Attacker,
XML
Friday, November 6, 2015
Playing with Certificates (from a Researcher's Perspective)
I often face a problem that I need to test several TLS servers. In order to make the tests consistent, I want to deploy the same keys and certificates on each server. However, this is not that easy, since there are several key formats and generation mechanisms. Deploying the same key to an OpenSSL and JSSE servers is thus a huge pain...
In the following, I will give a brief overview on basic certificate types and on few conversion possibilities.
In the following, I will give a brief overview on basic certificate types and on few conversion possibilities.
Subscribe to:
Posts (Atom)
Beliebte Posts
-
When evaluating the security of XML based services, one should always consider DTD based attack vectors, such as XML External Entities (XXE)...
-
Inspired by James Kettle 's great OWASP AppSec Europe talk on CORS misconfigurations, we decided to fiddle around with CORS security i...
-
Printers belong arguably to the most common devices we use. They are available in every household, office, company, governmental, medic...
-
In this post, we provide a security analysis of Microsoft Rights Management Services (RMS) and present two working attacks: We complete...
-
One year ago, we received a contract as a PDF file. It was digitally signed. We looked at the document - ignoring the "certificate is n...