IDM 360™ SAML Penetration (PEN) Testing
Cyber Security is a very hot topic. Numerous companies are broken into, and valuable Personally Identifiable Information (PII) is stolen frequently. SAML Single Sign-On is a particularly vulnerable attack vector: SAML Service Providers can be tricked into automatically signing in unauthorized users. There are a number of critical SAML vulnerabilities that are not detected by conventional network or server penetration tests. Whether your organization connects to multiple external SAML Service Providers or develops its own SAML Service Provider, it is important to certify that you are not vulnerable.
Free SAML PEN Test Tool
The SAML PEN Test Lite version allows you to test for some major SAML vulnerabilities. The Lite version is 100% free to use.
Our SafeSAML™ Offering
AssureBridge offers its clients a comprehensive SAML PEN Testing Service that allows them to fully and thoroughly test their own Service Providers as well as those of their external service provider partners.
The key features of our offering include:
- All SAML penetration tests are designed and expert-driven by experienced SAML professionals who have a wealth of knowledge in key IT security domains
- We work closely with your staff to ensure that all aspects of the testing are accounted for
- At the conclusion of the engagement we produce a comprehensive SAML penetration testing report
- We offer multiple tiers of certification
- We offer detailed recommendations on remediating vulnerabilities
- We help establish a practice of on-going SAML penetration testing to ensure that no new vulnerabilities are introduced
Why SAML PEN Testing is important
A SAML Service Provider offers users trusted access into critical business applications. Depending on the nature of the application and the type of information that the users can access, this may lead to legal and audit exposure. Therefore, it is extremely important to ensure that the Service Provider capabilities are fully secure and are not subject to known vulnerabilities. Additionally, sensitive data-protection issues arise if the SAML assertions carry PII.
There is a lack of SAML penetration testing tools, and even with a tool the effort is not for the faint of heart. Unlike a standard network PEN test, which requires no user interaction, SAML PEN testing requires careful planning, support from both the SP and IdP sides, and expert help on how to execute the tests and correctly interpret the results. Additionally, not all SAML vulnerabilities and deviations from the standard are covered by the tools. For example, a distributed assertion replay attack against a clustered application is difficult to execute and requires expert assistance.
Key SafeSAML™ Penetration Tests
- Remote DTD/XSD
- Remote KeyInfo RetrievalMethod
- Remote KeyInfo WSSE Security Token Reference
- SignedInfo Remote Reference
- XSLT Transform URL Retrieval (Xalan)
- XSLT Transform Thread Suspension (Xalan)
- Assertion Replay
- Clustered Assertion Replay
- Invalid Signature
- Missing Signature
- SAML from different recipient
- Authentication Request/Assertion Response mismatch
- Subject comment injection
- Attribute comment injection
- Unenforced Encryption
- Signature Wrapping
What is Penetration Testing?
According to TechTarget “Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually. Either way, the process involves gathering information about the target before the test, identifying possible entry points, attempting to break in — either virtually or for real — and reporting back the findings.”
Helpful Resources
Free SafeSAML™ SAML PEN Test Lite
SAML PEN Test Lite offers a subset of our comprehensive SAML PEN Test Suite. It is 100% free to use to test your Web sites for a number of major SAML vulnerabilities.
Request your free SAML PEN Test Lite license key and installation instructions here