NetSPI Blog

Jem Jensen

Jem graduated from WGU with a BS in Information Technology - Security. She holds a number of certifications, including CISSP, CCNA Security, and most of the CompTIA stack. Jem has over 15 years of information security experience in a number of industries and roles, ranging from network administration and secure application development to PCI compliance assessment. She has been with NetSPI since 2015, where her primary duties include web application penetration testing, mobile application penetration testing, and hardware penetration testing.

Jem Jensen
March 7th, 2017

Attacking SSO: Common SAML Vulnerabilities and Ways to Find Them

In this blog I’ll share some pointers that can be used when testing Single Sign-On (SSO) solutions that utilize SAML. The centralized nature of SSO provides a range of security benefits, but also makes SSO a high-profile target for attackers. The majority of SSO implementations I have seen in the past year pass SAML messages as […]