I was wondering if any of you had a chance to pen test an SSO functionality. I will soon be testing it and was looking out for pointers around:
- Where the focus of testing should be.
- Tools that I can use for testing.
- Some basic scenarios as an example for testing.
- Links to some pen-test examples/tutorials.
Our SSO functionality would be something like this: You enter the login link, which redirects you to the identity provider login page. Once you log in successfully, the home page of the actual application opens up.
I've done some basic research on what a pen test is, but if you could keep it to basics, that would be great.