Multi-factor & Risk-based Authentication , Security Operations
Silver SAML Threat: How to Avoid Being a Victim
Eric Woodruff of Semperis on Improving Certificate Management PracticesSemperis researcher Eric Woodruff discovered Silver SAML - a new technique used to launch attacks from an identity provider against applications configured to use it for authentication. How does it differ from Golden SAML, and how can enterprises respond to the threat? Woodruff shares insight.
In this interview with Information Security Media Group, Woodruff discussed:
- The evolution from Golden SAML to Silver SAML;
- Challenges brought by externally generated certificates;
- How to avoid being a victim of Silver SAML attacks.
Woodruff focuses on ITDR and cloud identity resilience. He is a Microsoft MVP for security, recognized for his expertise in the Microsoft identity ecosystem. Throughout his 23-year career in information technology, Woodruff has held a diverse range of roles, including technical manager in the public sector, senior premier field engineer at Microsoft, and security and identity architect in the Microsoft partner ecosystem.