No announcements
-
0 VotesInvestigation: ADFS-Benefits (sts -> ehr)
IdP), which element identifies the website ehr.com? ADFS 2.0 Howto guideDiscussion | 8 Replies | 3541 Views | Created by cs0317 - Wednesday, April 04, 2012 9:20 PM | Last reply by Rui Wang ISRC - Tuesday, April 10, 2012 12:07 AM
-
0 Votes
Investigation: ADFS-Benefits (ehr -> enwisen)
The trace of second SSO: RP: enwisen.com; IdP: ehr.com Benign Scenario Scenario A Scenario ...Discussion | 11 Replies | 4930 Views | Created by cs0317 - Wednesday, March 28, 2012 6:35 PM | Last reply by Rui Wang ISRC - Sunday, April 01, 2012 3:07 AM -
0 Votes
Investigation: sears.com using Facebook ID
Benign Scenario Scenario A Scenario B Scenario C Note that there are two IdP servers, ... -
0 Votes
testing tools for sso vulnerabilities
Hi There, I cam across an article summarizing the white paper published ...Unanswered | 3 Replies | 2837 Views | Created by dlumma - Friday, March 23, 2012 10:03 PM | Last reply by dlumma - Friday, March 23, 2012 11:32 PM -
0 Votes
Questions waiting for web geeks to answer
Our own investigation experience convinces us that finding SSO bugs requires not only logic thinking. Oftentimes, a particular investigation takes you to a set of interesting "webby" ...Discussion | 5 Replies | 2980 Views | Created by cs0317 - Thursday, March 15, 2012 11:33 PM | Last reply by Rui Wang ISRC - Friday, March 23, 2012 11:19 PM -
0 Votes
Questions to share with everyone.
If you have any question that you don't mind to share with everyone, please post your question as a comment of this discussion thread. Thanks! -
0 Votes
investigation: google ID login on zoho.com
benign trace Understanding of the trace:Discussion | 0 Replies | 1983 Views | Created by Rui Wang ISRC - Thursday, February 09, 2012 6:28 PM -
0 Votes
investigation: Facebook ID login on hrblock.com
benign trace Understanding of the trace: 1. code is the secret that Facebook wants to deliver to hrblock.com through the ...Discussion | 1 Replies | 2661 Views | Created by Rui Wang ISRC - Thursday, February 09, 2012 12:11 AM | Last reply by Rui Wang ISRC - Thursday, February 09, 2012 12:46 AM -
0 Votes
investigation: Facebook ID login on livingsocial.com
benign trace Understanding of the trace 1. BRM1 has a hidden operation which is to send a cross-domain message from Facebook domain to livingsocial.com/login ...Discussion | 1 Replies | 2073 Views | Created by Rui Wang ISRC - Wednesday, February 08, 2012 1:43 AM | Last reply by Rui Wang ISRC - Wednesday, February 08, 2012 11:25 PM -
0 Votes
Investigation: Live ID on bing.com
To see labeled trace (links to see raw traffic is in benign trace) benign ...Discussion | 1 Replies | 2157 Views | Created by Rui Wang ISRC - Tuesday, February 07, 2012 7:43 PM | Last reply by Rui Wang ISRC - Tuesday, February 07, 2012 10:54 PM -
0 Votes
Investigation: Facebook ID login on freelancer.com
Below are the labeled traces for analysis: benign trace scenario ... -
1 Votes
Investigation: Google ID login on Smartsheet.com
Below are the labeled traces for analysis: benign trace ...Discussion | 1 Replies | 3911 Views | Created by cs0317 - Tuesday, January 24, 2012 9:08 PM | Last reply by cs0317 - Tuesday, January 24, 2012 11:38 PM - < Previous Items 21 to 32 of 32
No announcements
