Enhancing Security Testing for Identity Management Implementations: Introducing Micro-Id-Gym Language and Micro-Id-Gym Testing Tool

We introduce MIG-L, a declarative language for the specification of security tests, and MIG-T, a testing tool, for identity management solutions based on SAML and OAuth/OpenID Connect. We verify compliance with best current practices and detect known vulnerabilities.

Saved in:
Bibliographic Details
Published in:IEEE security & privacy 2024-11, Vol.22 (6), p.50-61
Main Authors: Bisegna, Andrea, Bitussi, Matteo, Carbone, Roberto, Ranise, Silvio
Format: Magazinearticle
Language:English
Subjects:
Application programming interfaces
Browsers
Computer languages
HTTP
Identity management systems
Security
Testing
Threat modeling
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:We introduce MIG-L, a declarative language for the specification of security tests, and MIG-T, a testing tool, for identity management solutions based on SAML and OAuth/OpenID Connect. We verify compliance with best current practices and detect known vulnerabilities.
ISSN:1540-7993
1558-4046
DOI:10.1109/MSEC.2024.3450277