SSO-Monitor: Fully-Automatic Large-Scale Landscape, Security, and Privacy Analyses of Single Sign-On in the Wild. (arXiv:2302.01024v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Single Sign-On (SSO) shifts the crucial authentication process on a website
to the underlying SSO protocols and their correct implementation. To
strengthen SSO security, organizations, such as IETF and W3C, maintain
advisories to address known threats. One could assume that these security best
practices are widely deployed on websites. We show that this assumption is a
fallacy. We present SSO-MONITOR, an open-source fully-automatic large-scale SSO
landscape, security, and privacy analysis tool. In contrast to all previous
work, SSO-MONITOR uses …