The road to your codebase is paved with forged assertions

Posted on Δευ 13 Μάρτιος 2017 in bounty • Tagged with SAML, authentication, XSW

Authentication bypass using vulnerabilities in the Github Enterprise SAML SP implementation


Continue reading

Your WAF alone, is not enough, not enough, not enough

Posted on Παρ 27 Μάιος 2016 in research • Tagged with XSS

Reflected and Stored XSS in multiple careerbuilder sites


Continue reading

The road to hell is paved with SAML Assertions

Posted on Τετ 27 Απρίλιος 2016 in bounty • Tagged with SAML, office 365, impersonation, Single-Sign-On

Cross Domain Authentication Bypass in Office 365


Continue reading