[et_pb_section fb_built=\"1\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"0px||0px||true|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" width=\"100%\" custom_padding=\"0px||||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.20.0\" _module_preset=\"default\" text_text_color=\"#FFFFFF\" text_font_size=\"30px\" text_line_height=\"1.2em\" header_font=\"Roboto||||||||\" header_text_color=\"#F07F1D\" header_font_size=\"50px\" background_image=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-security-analysis-header-single-sign-on-pentest.jpg\" custom_margin=\"-31px||0px||false|false\" custom_padding=\"166px|15px|62px|15px|false|true\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n
Protect Your Users & Applications<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.20.0\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" custom_margin=\"0px|0px|0px|0px|true|true\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n
Nowadays, an increasing number of applications rely on the Single Sign-On (SSO) for user authentication. The procedure enables users to log in to multiple applications via a trusted provider (identity provider), such as Google or Facebook. Solutions based on well-known standards such as OpenID Connect 1.0, OAuth 2.0 or SAML are frequently used for this purpose. Thus, the login data is not stored by the actual application (service provider), but only by the identity provider.<\/p>\n
This authentication method is already widespread in private life, but it is also being increasingly used in the corporate context and has become an essential component of identity and access management in companies and software solutions. Misconfigurations or weaknesses in the implemented solution can have serious consequences, including the loss of confidentiality, integrity and availability of application and user data.<\/p>\n
During our pentest, our security analysts<\/a> comprehensively check your SSO solution for these vulnerabilities so that you can subsequently fix them.<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"||3px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_divider _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"||1px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_divider][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" header_3_text_color=\"#F07F1D\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"||1px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/icon-schwachstelle-orange-003-1.png\" title_text=\"icon-schwachstelle-orange-003\" _builder_version=\"4.16\" _module_preset=\"default\" width=\"74%\" module_alignment=\"center\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"27px||3px||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_divider _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"-3px||1px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_divider][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.4\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n Our pentests are conducted according to a standardized approach<\/a><\/strong>, \u00a0which is enhanced by specific aspects for single sign-on pentests:<\/span><\/p>\n Each SSO solution arises from the interaction between service provider and identity provider. Hence, an in-depth analysis of your SSO solution requires a profound understanding of the application and the underlying SSO standard. The initial basis of our pentest are the test accounts provided for various roles, which give our security analysts<\/a><\/span><\/span> access to the application and thus enable the analysis of the authentication and authorization flow. Our security analysts perform a comprehensive review of your SSO solution for potential vulnerabilities and compliance with best practices, such as the OAuth 2.0 Security Best Current Practice<\/a>.<\/span><\/span><\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.27.0\" _module_preset=\"default\" locked=\"off\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.27.0\" _module_preset=\"default\" border_color_all=\"#F07F1D\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_testimonial author=\"Gerbert Roitburd\" job_title=\"Managing Security Analyst\" portrait_url=\"https:\/\/www.usd.de\/wp-content\/uploads\/Gerbert-Roitburd_PPT-Kontakt.jpg\" quote_icon_color=\"#F07F1D\" quote_icon_background_color=\"#FFFFFF\" font_icon=\"||divi||400\" portrait_width=\"200px\" portrait_height=\"200px\" use_icon_font_size=\"on\" icon_font_size=\"35px\" _builder_version=\"4.27.4\" _module_preset=\"default\" background_color=\"RGBA(255,255,255,0)\" custom_padding=\"3%||2%||false|false\" animation_style=\"fade\" border_width_all=\"2px\" border_color_all=\"#F07F1D\" border_radii_portrait=\"on|100%|100%|100%|100%\" border_color_all_portrait=\"RGBA(255,255,255,0)\" box_shadow_style_image=\"preset4\" box_shadow_horizontal_image=\"0px\" box_shadow_vertical_image=\"0px\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n The use of single sign-on can have vulnerabilities in the implementation, configuration and also in the access controls. In our pentests, my colleagues and I uncover these vulnerabilities by analyzing the flows thoroughly. By fixing these vulnerabilities at an early stage, our customers protect themselves against hackers and criminals.<\/span><\/p>\n [\/et_pb_testimonial][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.4\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n The following checks are carried out during S<\/span>ingle Sign-On Pentests:<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"||0px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_divider _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"||1px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_divider][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"0px||1px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/icon-symbol-orange-007-2.png\" title_text=\"icon-symbol-orange-007\" _builder_version=\"4.16\" _module_preset=\"default\" width=\"78%\" module_alignment=\"center\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.4\" _module_preset=\"default\" custom_margin=\"20px||||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\nCommon Single Sign-on Vulnerabilities Include:<\/h3>\n
\n
How Does usd AG Approach Single Sign-on Pentesting?<\/h2>\n
What Checks Are Included During Your Single Sign-on Pentest?<\/h2>\n
\n