Attacking Authentication Mechanisms


Authentication plays an essential role in almost every web application. If a vulnerability arises in the application's authentication mechanism, it could result in unauthorized access, data loss, or potentially even remote code execution, depending on the application's functionality. This module will provide an overview of various authentication methods, such as JWT, OAuth, and SAML, and potential attacks against each. Knowledge of modern authentication mechanisms will greatly benefit your penetration testing and bug bounty hunting journey when facing web applications.

Created by RiotSecurityTeam
Co-Authors: MrR3boot


Summary

In this module, we'll show you how to test the security limits of some of the most well-known and widely used authentication techniques.

We will cover the following:

  • What is authentication
  • Techniques to identify authentication-related issues (OAuth, SSO, Tokens)
  • Explaining multiple types of related vulnerabilities

Additionally, you will learn the following:

  • JWT (JSON Web Token)
    • What is JWT
    • JWT Flow
    • No Verification of the Signature
    • None Algorithm Attack
    • Brute Force Weak Secret
    • Insecure KID Parameter Processing
  • OAuth
    • What is OAuth
    • OAuth Flow
    • Account takeover via redirect_uri misconfiguration (IDP)
    • Account takeover via Open redirect (SP)
    • Bruteforcing Weak Access Tokens
  • SAML
    • What is SAML
    • SAML Flow
    • Weak Public/Private Key Usage
    • No Signature Verification
    • Signature Stripping Attack

This module is broken into sections with accompanying hands-on exercises to practice the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.

As you work through the module, you will see example commands and command output for the topics introduced. It is worth reproducing as many of these examples as possible to further reinforce the concepts presented in each section. You can do this on the target host provided in the interactive sections or on your virtual machine.

You can start and stop the module anytime and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.

The module is classified as "medium" and assumes an intermediate knowledge of how web applications function and common attack principles.

Sections

  • Introduction
  • JSON Web Token (JWT)
  • Missing Signature Verification
  • None Algorithm Attack
  • Weak Secret
  • Insecure KID Parameter Processing
  • OAuth
  • OAuth Flow
  • OAuth Grants
  • redirect_uri Misconfiguration
  • Open Redirect
  • Brute Forcing Weak Access Tokens
  • SAML
  • SAML Flow
  • Weak Public/Private Keys
  • No Signature Verification
  • Signature Stripping Attack
  • Skills Assessment