SSO Incident Handling
RCCE students will learn single sign-on architecture, implementation, and security including SAML 2.0, OpenID Connect, Kerberos, federation protocols, and SSO session management. RCCE students will learn to design SSO architectures that balance user convenience with security, configure identity providers and service providers for SAML-based SSO, implement OIDC-based SSO for modern applications, troubleshoot SSO authentication failures, secure SSO sessions against hijacking and replay attacks, audit SSO configurations for misconfigurations, and respond to incidents involving SSO compromise including golden SAML attacks and session token theft. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. Starting from foundational concepts, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing SSO Incident Handling
- Execute hands-on tasks for lab series
- Execute hands-on tasks for knowledge goals — covering Classify reflected, stored, DOM-based XSS.
- Execute hands-on tasks for skill goals — covering output encoding defenses.
- Build detections and response workflows for privilege escalation, including Execute containment for active XSS.
- Execute hands-on tasks for impact scope — covering Session theft and hijacking.
- Explain XSS Taxonomy Overview fundamentals — covering Input reflected in, Stored XSS, Payload persisted server-.
- Execute hands-on tasks for reflected xss — covering Input reflected in.
- Execute hands-on tasks for stored xss — covering Payload persisted server-.
- Execute hands-on tasks for dom-based xss — covering Manipulation in client-side.
- Execute hands-on tasks for reflected xss deep dive
- Execute hands-on tasks for how it works
- Execute hands-on tasks for common vectors — covering Attacker crafts malicious URL with payload, Search query parameters in results page.
| Module 01 | Lab Series |
| Module 02 | Knowledge Goals |
| Module 03 | Skill Goals |
| Module 04 | Incident Response Goals |
| Module 05 | Impact Scope |
| Module 06 | XSS Taxonomy Overview |
| Module 07 | Reflected XSS |
| Module 08 | Stored XSS |
| Module 09 | DOM-Based XSS |
| Module 10 | Reflected XSS Deep Dive |
| Module 11 | How It Works |
| Module 12 | Common Vectors |
| Module 13 | Detection Indicators |
| Module 14 | Stored XSS Deep Dive |
All hands-on labs run on Rocheston Rose X OS. Students practice sso incident handling by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for lab series
- Lab 2: Execute hands-on tasks for knowledge goals
- Lab 3: Execute hands-on tasks for skill goals
- Lab 4: Build detections and response workflows for privilege escalation
- Lab 5: Execute hands-on tasks for impact scope
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for SSO Incident Handling, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI