I was recently made aware of this article coming out of DEF CON. I haven't set up a link share spot yet, so you get this instead: DEF CON research takes aim at ZTNA, calls it a bust | Network World
“The research team found complete authentication bypasses in all tested platforms. Check Point’s Harmony SASE contained hard-coded encryption keys that exposed customer data through diagnostic logs. Zscaler’s SAML implementation failed to validate signatures, allowing attackers to forge authentication tokens. Netskope suffered from cross-tenant vulnerabilities that let attackers compromise any organization using leaked enrollment tokens.
Beyond individual flaws, the researchers systematically defeated the foundational zero-trust concept of device posture checking. They developed tools that fake compliance checks for antivirus, firewalls, disk encryption and hardware fingerprinting across all major platforms. Most damaging, they demonstrated how attackers can steal ZTNA configurations and replay them from unmonitored systems.
The findings reveal architectural problems that contradict zero-trust principles. Rather than verifying device and user trustworthiness, these solutions place enormous trust in vendor infrastructure and client-side security controls.
“Rather than being never trust, always verify, we found it was more, ‘always trust, never verify,’” AmberWolf researcher David Cash said during the session.”