Andrea Bisegna

Andrea Bisegna
  • Researcher at Fondazione Bruno Kessler

About

7
Publications
323
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
18
Citations
Introduction
Skills and Expertise
Security
Penetration Testing
Computer Networks Security
Computer Security
Cyber Security
IT Security
Current institution
Fondazione Bruno Kessler
Fondazione Bruno Kessler
  • Security & Trust (ST)
  • Trento, Italy
Current position
  • Researcher
Security & Trust Research Unit

Publications

Publications (7)
View
Enhancing Security Testing for Identity Management Implementations: Introducing Micro-Id-Gym Language and Micro-Id-Gym Testing Tool
Article
  • Nov 2024
We introduce MIG-L, a declarative language for the specification of security tests, and MIG-T, a testing tool, for identity management solutions based on SAML and OAuth/OpenID Connect. We verify compliance with best current practices and detect known vulnerabilities.
View
Fig. 1. High level architecture of the proposed solution.
Fig. 2. IdP response after a replay attack.
Fig. 3. Email sent to the ST.
Fig. 4. Test results in Micro-Id-Gym.
Collection of security tests targeting SAML implementation.
Integrating a Pentesting Tool for IdM Protocols in a Continuous Delivery Pipeline
Chapter
Full-text available
  • Jan 2021
Identity Management (IdM) solutions are increasingly important for digital infrastructures of both enterprises and public administrations. Their security is a mandatory prerequisite for building trust in current and future digital ecosystems. IdM solutions are usually large-scale complex software systems maintained and developed by several groups o...
View
Verifiable Contracting: A Use Case for Onboarding and Contract Offering in Financial Services with eIDAS and Verifiable Credentials
Chapter
  • Dec 2020
We investigate the combined use of eIDAS-based electronic identity and Verifiable Credentials for remote onboarding and contracting, and provide a proof-of-concept implementation based on SAML authentication. The main non-trivial value derived from this proposal is a higher degree of assurance in the contract offering phase for the Contracting Serv...
View
Fig. 1. High level architecture of the proposed solution.
Fig. 2. IdP response after a replay attack.
Fig. 3. Email sent to the ST.
Fig. 4. Test results in Micro-Id-Gym.
+1 Fig. 5. Usage of an unsecure Canonicalization algorithm.
Micro-Id-Gym: A Flexible Tool for Pentesting Identity Management Protocols in the Wild and in the Laboratory
Chapter
Full-text available
  • Dec 2020
Identity Management (IdM) solutions are increasingly important for digital infrastructures of both enterprises and public administrations. Their security is a mandatory pre-requisite for building trust in current and future digital ecosystems. Unfortunately, not only their secure deployment but even their usage are non-trivial activities that requi...
View
View
Fig. 2. Micro-Id-Gym: running the SAML SSO protocol.
Micro-Id-Gym: Identity Management Workouts with Container-Based Microservices
Article
Full-text available
  • Jun 2019
Identity Management (IdM) solutions are increasingly important for building trust in current and future digital ecosystems. Unfortunately, not only their secure deployment but even their usage are non-trivial activities that require a good level of security awareness. For this, we introduce Micro-Id-Gym, an easy to configure training environment in...
View

Network

Cited
View All
Cited By
View All