In this talk, we will first show and explain a number of SSO bugs that we discovered. They pinpoint the natural gaps between the perspectives of a protocol designer, an SDK provider and a regular website programmer. None of them can be called a "stupid bug". Then, we explain how SVX performs code verification, as well as the architecture of the SVAuth code. Finally, we give demos of real-world web apps using SVAuth.
By Shuo Chen & Shaz Qadeer & Matt McCutchen & Phuong Cao & Ravishankar Iyer
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-17/briefings.html#self-verifying-authentication—a-framework-for-safer-integrations-of-single-sign-on-services