all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SSO-Monitor: Fully-Automatic Large-Scale Landscape, Security, and Privacy Analyses of Single Sign-On in the Wild. (arXiv:2302.01024v1 [cs.CR])

Add to bookmarks
Feb. 3, 2023, 2:10 a.m. | Maximilian Westers, Tobias Wich, Louis Jannett, Vladislav Mladenov, Christian Mainka, Andreas Mayer

cs.CR updates on arXiv.org arxiv.org

Single Sign-On (SSO) shifts the crucial authentication process on a website
to to the underlying SSO protocols and their correct implementation. To
strengthen SSO security, organizations, such as IETF and W3C, maintain
advisories to address known threats. One could assume that these security best
practices are widely deployed on websites. We show that this assumption is a
fallacy. We present SSO-MONITOR, an open-source fully-automatic large-scale SSO
landscape, security, and privacy analysis tool. In contrast to all previous
work, SSO-MONITOR uses …

address authentication automatic best practices large monitor organizations practices privacy process protocols scale security shifts sign single single sign-on sso threats w3c website websites

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

Dihedral Quantum Codes 2 days, 14 hours ago | arxiv.org
arxiv block class code +9
A Privacy Preserving System for Movie Recommendations Using Federated Learning 2 days, 14 hours ago | arxiv.org
arxiv businesses cs.cr cs.ir +20
VulLibGen: Identifying Vulnerable Third-Party Libraries via Generative Pre-Trained Model 2 days, 14 hours ago | arxiv.org
accelerate advisory arxiv cs.cr +24
Simultaneous Haar Indistinguishability with Applications to Unclonable Cryptography 2 days, 14 hours ago | arxiv.org
applications arxiv build cloning +11
SoK: Prudent Evaluation Practices for Fuzzing 2 days, 14 hours ago | arxiv.org
afl arxiv bugs concept +13
The Effect of Quantization in Federated Learning: A R\'enyi Differential Privacy Perspective 2 days, 14 hours ago | arxiv.org
arxiv can cs.cr cs.dc +15
Unveiling the Potential: Harnessing Deep Metric Learning to Circumvent Video Streaming Encryption 2 days, 14 hours ago | arxiv.org
arxiv attacks body cs.ai +16
SecureLLM: Using Compositionality to Build Provably Secure Language Models for Private, Sensitive, and Secret Data 2 days, 14 hours ago | arxiv.org
access arxiv back build +15
IBD-PSC: Input-level Backdoor Detection via Parameter-oriented Scaling Consistency 2 days, 14 hours ago | arxiv.org
adversaries arxiv attacks backdoor +22

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Senior Security Analyst

@ Oracle | United States
View on infosec-jobs.com

Associate Vulnerability Management Specialist

@ Diebold Nixdorf | Hyderabad, Telangana, India
View on infosec-jobs.com

Cybersecurity Architect, Infrastructure & Technical Security

@ KCB Group | Kenya
View on infosec-jobs.com