Security Analysis of eIDAS: The Cross-Country Authentication Scheme in Europe
1 Security Analysis of eIDAS: The Cross-Country Authentication Scheme in Europe
Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, Jörg Schwenk
Ruhr University Bochum
2 Electronic Identification (eID) Services
- Strong authentication with eID cards
- Usage in the public and private sector: tax, health, education, ...
- Since the early 2000s
- Problem: interoperability
Security Analysis of eIDAS: The Cross-Country Authentication Scheme in Europe. WOOT'18
3 eIDAS: electronic IDentification, Authentication, and trust Services
- Interoperability framework
- Supports cross-country authentication
- Main standard: SAML
4 Our Work
- Security of eIDAS authentication services
- Systematization of knowledge regarding relevant attacks
- Comprehensive penetration test
- Responsible disclosure
- Prototype tool support
Part of the project
5 Overview
1. SAML
2. eIDAS
3. Attacks
   - XML Parsing Attacks
   - Evaluation
4. EsPreSSO
5. Conclusions
6 SAML-based Single Sign-On
Parties: Service Provider (SP), Identity Provider (IdP)
1. Start Authentication (user at the Service Provider)
2. Start Authentication: SAMLRequest (the SP sends the user to the IdP)
3. Authentication (user authenticates at the Identity Provider)
4. Authentication Token: SAMLResponse (the IdP sends the user back to the SP)
5. Resources (the SP grants access)
7 SAML Authentication Token
<saml:Response>
  <saml:Assertion ID="456">
    <saml:Issuer>germanidp.com</saml:Issuer>
    <saml:Subject>
      <saml:NameID>Bob</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="...T14:42:00Z" NotOnOrAfter="...T14:47:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>germansp.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <ds:Signature>
      <ds:Reference URI="#456"/>
    </ds:Signature>
  </saml:Assertion>
</saml:Response>
Callouts on the slide: Response; Assertion; Issuer (GermanIdP); Subject (NameID Bob); Conditions with Audience (GermanSP); Signature, whose Reference points at the Assertion with ID 456.
8 Overview (next: 2. eIDAS)
9 Overview of eID Services
Columns on the slide: SAML, OpenID, OpenID Connect, Other (values listed per country in slide order; cells left blank on the slide are omitted)
- Austria: Yes; OAuth
- Belgium: Yes
- Bulgaria: Yes; Yes
- Czech Republic
- Denmark: Yes (eIDAS); NemID
- Estonia
- Finland: Yes (eIDAS); Yes
- France: Yes
- Georgia: No (eIDAS planned); No (obsolete); No
- Germany: Yes; No*; SOAP
- Netherlands: Yes
- Norway: Yes
- Portugal: Yes
- Sweden: Yes
- United Kingdom: Yes; No; No; SAML (Attribute Query)
- eIDAS: Yes
10 eIDAS Authentication
- Each country has its own eID authentication mechanisms
- Huge differences between these lead to incompatibility: different architecture, different protocols, different parameters
- eIDAS provides a bridge that makes cross-country eID authentication possible
11 eIDAS Authentication
[Diagram: Service Provider - Identity Provider]
12 eIDAS Authentication
[Diagram: Service Provider - eIDAS Node - eIDAS Node - Identity Provider]
13 eIDAS Authentication flow (Service Provider, eIDAS Node, eIDAS Node, Identity Provider)
1. Start Authentication
2. Start Authentication: SAMLRequest 1 (Service Provider to the first eIDAS Node)
3. Start Authentication: SAMLRequest 2 (first eIDAS Node to the second eIDAS Node)
4. Start Authentication: SAMLRequest 3 (second eIDAS Node to the Identity Provider)
5. Authentication
6. Authentication Token: SAMLResponse 1 (Identity Provider to the second eIDAS Node)
7. Authentication Token: SAMLResponse 2 (second eIDAS Node to the first eIDAS Node)
8. Authentication Token: SAMLResponse 3 (first eIDAS Node to the Service Provider)
9. Resources
Each hop consumes one SAML message and issues a new one, so every node in the chain is a SAML endpoint that must validate what it receives.
14 Overview (next: 3. Attacks)
15 eIDAS Authentication
[Diagram: Service Provider - eIDAS Node - eIDAS Node - Identity Provider]
16 eIDAS Authentication
[Diagram: Service Provider - eIDAS Node - eIDAS Node - Identity Provider]
17 SAML Evaluation [Mainka et al., 2014]
[Table from Mainka et al., 2014]
18 Attacks Summary
- XML External Entity
- XSLT Attack
- Signature Exclusion
- Replay Attacks
- Recipient Confusion
- Certificate Faking
- Signature Wrapping
- Certificate Injection
- ACS Spoofing
- Open Redirect
- Covert Redirect
- Cross-Site Scripting
- CSRF Attacks
- Insecure HTTP Session
- Insecure TLS Session
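The script below is an added example written for this page (it is not code from the paper, from EsPreSSO or from the eIDAS-Node software). It takes the token from slide 7 and shows the checks a Service Provider's SAML logic has to run to resist four of the attacks listed above that do not need any cryptographic weakness: Signature Exclusion, Signature Wrapping, Recipient Confusion and Replay. Assumed: the cryptographic verification of ds:Signature is done by an XMLDSig library that the caller passes in as signature_ok; the SAMLResponse, the issuer and SP names and the timestamps are constructed.

```python
"""Checks an eIDAS/SAML Service Provider must run on a SAMLResponse once the
XML-Signature cryptography has been verified.  Added example written for this
page; not code from the paper, EsPreSSO or the eIDAS-Node software.  The
SAMLResponse is constructed after the token shown on slide 7."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"


class InvalidResponse(Exception):
    pass


def _ts(value):
    # SAML timestamps are xs:dateTime in UTC with a trailing Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_response(xml_bytes, expected_issuer, sp_entity_id, now, seen_ids,
                      signature_ok, skew=timedelta(minutes=1)):
    """Return the NameID of the single signed assertion, or raise InvalidResponse.

    signature_ok(signature_element) is the caller's XMLDSig verifier (assumed
    to exist; the cryptography itself is outside this example).  Everything
    else here is the logic whose absence the listed attacks exploit.
    """
    root = ET.fromstring(xml_bytes)
    assertions = root.findall(f".//{{{SAML}}}Assertion")
    if len(assertions) != 1:        # signature wrapping: never pick "the first one"
        raise InvalidResponse(f"expected exactly one Assertion, found {len(assertions)}")
    assertion = assertions[0]
    assertion_id = assertion.get("ID")
    sig = assertion.find(f"{{{DS}}}Signature")
    if sig is None:                 # signature exclusion
        raise InvalidResponse("assertion is not signed")
    ref = sig.find(f".//{{{DS}}}Reference")
    if ref is None or ref.get("URI") != f"#{assertion_id}":
        raise InvalidResponse("signature does not cover the consumed assertion")
    if sum(1 for el in root.iter() if el.get("ID") == assertion_id) != 1:
        raise InvalidResponse("ID attribute is not unique")
    if not signature_ok(sig):
        raise InvalidResponse("signature verification failed")
    if assertion.findtext(f"{{{SAML}}}Issuer") != expected_issuer:
        raise InvalidResponse("unexpected issuer")
    cond = assertion.find(f"{{{SAML}}}Conditions")
    if cond is None:
        raise InvalidResponse("missing Conditions")
    not_before, not_after = _ts(cond.get("NotBefore")), _ts(cond.get("NotOnOrAfter"))
    if not (not_before - skew <= now < not_after + skew):
        raise InvalidResponse("assertion outside its validity window")
    if sp_entity_id not in [a.text for a in cond.iter(f"{{{SAML}}}Audience")]:
        raise InvalidResponse("recipient confusion: assertion was issued for another SP")
    if assertion_id in seen_ids:    # replay
        raise InvalidResponse("replayed assertion")
    seen_ids.add(assertion_id)
    return assertion.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameID")


def assertion_xml(assertion_id, name_id, audience="germansp.com", signed=True):
    """Constructed assertion in the shape of slide 7; the timestamps are invented."""
    sig = (f'<ds:Signature><ds:SignedInfo><ds:Reference URI="#{assertion_id}"/>'
           f'</ds:SignedInfo><ds:SignatureValue>c2ln</ds:SignatureValue></ds:Signature>'
           if signed else "")
    return (f'<saml:Assertion ID="{assertion_id}"><saml:Issuer>germanidp.com</saml:Issuer>{sig}'
            f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
            f'<saml:Conditions NotBefore="2018-08-13T14:42:00Z" NotOnOrAfter="2018-08-13T14:47:00Z">'
            f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion>')


def response_xml(*parts):
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" xmlns:ds="{DS}">'
            + "".join(parts) + "</samlp:Response>").encode()


def demo():
    now = datetime(2018, 8, 13, 14, 44, tzinfo=timezone.utc)
    seen, args = set(), ("germanidp.com", "germansp.com")
    crypto_ok = lambda sig: True    # assumed: the constructed signature "verifies"
    genuine = response_xml(assertion_xml("456", "Bob"))
    out = {"genuine": validate_response(genuine, *args, now, seen, crypto_ok)}
    attacks = {
        "replay": genuine,
        "signature_exclusion": response_xml(assertion_xml("457", "Mallory", signed=False)),
        "recipient_confusion": response_xml(assertion_xml("458", "Bob", audience="othersp.com")),
        # wrapping: signed original moved into Extensions, unsigned copy where the SP looks
        "signature_wrapping": response_xml(
            "<samlp:Extensions>" + assertion_xml("456", "Bob") + "</samlp:Extensions>",
            assertion_xml("456", "Mallory", signed=False)),
    }
    for name, doc in attacks.items():
        try:
            validate_response(doc, *args, now, seen, crypto_ok)
            out[name] = "accepted"
        except InvalidResponse as exc:
            out[name] = str(exc)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The order of the checks is the point: the assertion that is consumed is the one the signature's Reference points at, and there must be exactly one such element, so an attacker cannot park the genuinely signed assertion elsewhere in the document and put an unsigned one where a naive XPath would look. The audience check is what makes an assertion issued for one SP useless at another (the recipient confusion case), and the ID cache has to be shared across all instances of the SP, otherwise a replay simply hits a different instance.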
19 Overview (next: 3. Attacks, XML Parsing Attacks)
20 Evaluation of XML Parsing Attacks
- No valid ID cards needed: the attacker only has to deliver XML to a node
- Serious attacks: Facebook rewarded one with $33,500
21-23 XML Entities
XML Code (example)
<?xml version="1.0"?>
<!DOCTYPE data [
  <!ENTITY res "HI">
]>
<data>&res;</data>
The parser first registers the entities declared within the DOCTYPE, then determines that &res; is a reference to an ENTITY and resolves it, so the document is processed as
<data>HI</data>
24 XML Entities
Are XML entities dangerous?
25-27 XML Entities: Illegitimate File Access with XXE
XML Code (example)
<?xml version="1.0"?>
<!DOCTYPE data [
  <!ENTITY file SYSTEM "/etc/passwd">
]>
<data>&file;</data>
A parser that resolves external (SYSTEM) entities reads /etc/passwd and substitutes its content for &file;. If the application does not echo the parsed document back, a second external entity whose URL points at an attacker-controlled server can carry the content out of band:
<?xml version="1.0"?>
<!DOCTYPE data [
  <!ENTITY file SYSTEM "/etc/passwd">
  <!ENTITY send SYSTEM >
]>
<data>&send;</data>
(The URL of the send entity is not legible in the transcription.)
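The script below is an added example written for this page (not the authors' code and not the eIDAS-Node software, which is Java). It reproduces the two slides above with the expat binding from Python's standard library: internal entities are expanded by the parser on its own, an external SYSTEM entity leaks a file only when the application supplies a resolver for it, and a parser that refuses any DOCTYPE stops the whole class before an entity can be declared. The passwd line is constructed and written to a temporary file, so nothing real is read.

```python
"""Entity expansion and XXE with Python's expat binding, plus the DTD-refusing
parser an eIDAS/SAML endpoint should use instead.  Added example, not code from
the paper or from the eIDAS-Node software; the passwd line is constructed."""
import os
import tempfile
import xml.parsers.expat as expat


class DtdNotAllowed(Exception):
    """Raised by parse_hardened when the document carries a DOCTYPE."""


def parse_naive(xml_bytes, resolve_external):
    """Return the character data of the document.

    Internal entities such as <!ENTITY res "HI"> are always expanded by expat.
    With resolve_external=True, SYSTEM entities are followed as well, which is
    the behaviour (default in many Java parsers) that makes XXE possible.
    """
    chunks = []
    parser = expat.ParserCreate()
    parser.CharacterDataHandler = chunks.append

    def follow_external_entity(context, base, system_id, public_id):
        # Fetch whatever the DTD points at and feed it back as entity text.
        path = system_id[len("file://"):] if system_id.startswith("file://") else system_id
        with open(path, "rb") as fh:
            data = fh.read()
        child = parser.ExternalEntityParserCreate(context)
        child.CharacterDataHandler = chunks.append
        child.Parse(data, True)
        return 1  # non-zero tells expat the entity was handled

    if resolve_external:
        parser.ExternalEntityRefHandler = follow_external_entity
    parser.Parse(xml_bytes, True)
    return "".join(chunks)


def parse_hardened(xml_bytes):
    """Like parse_naive, but any DOCTYPE is rejected before a single entity can
    be declared.  Refusing DTDs outright closes XXE, entity-expansion DoS and
    the out-of-band variant at once; SAML messages never need a DTD."""
    chunks = []
    parser = expat.ParserCreate()
    parser.CharacterDataHandler = chunks.append

    def refuse_doctype(name, system_id, public_id, has_internal_subset):
        raise DtdNotAllowed(f"DOCTYPE {name!r} rejected: DTDs are disabled")

    parser.StartDoctypeDeclHandler = refuse_doctype
    parser.Parse(xml_bytes, True)
    return "".join(chunks)


INTERNAL_ENTITY_DOC = (b'<?xml version="1.0"?>'
                       b'<!DOCTYPE data [<!ENTITY res "HI">]>'
                       b'<data>&res;</data>')


def xxe_document(path):
    """The file-access payload from the slides, pointed at an arbitrary path."""
    return (b'<?xml version="1.0"?>'
            b'<!DOCTYPE data [<!ENTITY file SYSTEM "file://' + path.encode() + b'">]>'
            b'<data>&file;</data>')


def demo():
    # Constructed stand-in for /etc/passwd so the example runs anywhere.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("root:x:0:0:root:/root:/bin/sh\n")
        secret = fh.name
    try:
        results = {
            "internal": parse_naive(INTERNAL_ENTITY_DOC, resolve_external=False),
            "xxe_resolving": parse_naive(xxe_document(secret), resolve_external=True),
            "xxe_ignored": parse_naive(xxe_document(secret), resolve_external=False),
        }
        try:
            parse_hardened(xxe_document(secret))
            results["hardened"] = "accepted"
        except DtdNotAllowed as exc:
            results["hardened"] = str(exc)
    finally:
        os.unlink(secret)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Running the script prints the leaked passwd line only for the resolving parser; the non-resolving expat parser silently drops the reference, and the hardened parser never gets as far as the entity declaration. The hardened variant is the right default for any SAML or eIDAS endpoint: a DOCTYPE has no legitimate use in a SAMLRequest or SAMLResponse, so rejecting the message outright costs nothing and removes the parser from the attack surface entirely.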
28 Overview (next: 3. Attacks, Evaluation)
29 Evaluation
30 Comprehensive Evaluation of the eIDAS Swedish Pilot
- Offers demo services
- Possible to analyze further attacks like XML Signature Wrapping, XSS, etc.
- No further vulnerabilities found
31 Overview (next: 4. EsPreSSO)
32 Automatic Evaluation with EsPreSSO
- Burp Suite extension: Extension for Processing and Recognition of Single Sign-On Protocols
- We implemented XXE and Signature Wrapping attacks for SAML
- XML Encryption attacks planned
33 >> 42
34 Overview (next: 5. Conclusions)
35 Conclusion
- XXE is still a problem
- Many critical vulnerabilities are already fixed
- Our contributions: Best Current Practices for eIDAS; an automated tool for the security analysis of SAML
More information
More informationUsing the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest
More informationIBM EXAM - C IBM Tivoli Federated Identity Manager V6.2.2 Implementation. Buy Full Product.
IBM EXAM - C2150-575 IBM Tivoli Federated Identity Manager V6.2.2 Implementation Buy Full Product http://www.examskey.com/c2150-575.html Examskey IBM C2150-575 exam demo product is here for you to test
More informationYouth Opportunity Portal 3.0 GUIDE #2
Youth Opportunity Portal 3.0 GUIDE #2 Introduction This YOP Guide #2 will cover the changes that were made in Youth Opportunity Portal v3. You ll be able to understand why we made the changes, what exactly
More informationEXPOFACTS. Exposure Factors Sourcebook for Europe GENERAL
EXPOFACTS Exposure Factors Sourcebook for Europe GENERAL 10.7.2006 This document describes the general structure of ExpoFacts Sourcebook, as well as the principles according to which data have been collected
More informationThis document is a preview generated by EVS
TECHNICAL SPECIFICATION SPÉCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN ISO/TS 19139 November 2009 ICS 35.240.70 English Version Geographic information - Metadata - XML schema implementation (ISO/TS
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationWeb Security. Thierry Sans
Web Security Thierry Sans 1991 Sir Tim Berners-Lee Web Portals 2014 Customer Resources Managemen Accounting and Billing E-Health E-Learning Collaboration Content Management Social Networks Publishing Web
More informationehaction Joint Action to Support the ehealth Network
Stakeholder Engagement - Consultation (22 August 2017) ehaction Joint Action to Support the ehealth Network 3 rd Joint Action to Support the ehealth Network Open Consultation 1 Participants of the 3 rd
More information