DEF CON research takes aim at ZTNA, calls it a bust

Zero Trust Network Access (ZTNA) has been promoted by vendors over the last several years as a foundational approach for network security. The basic premise is to never trust and always verify.

While the core ideas behind ZTNA are valid, this multi-billion-dollar market faced a brutal assessment at DEF CON 2025, when UK security researchers from AmberWolf demonstrated severe vulnerabilities across three major ZTNA vendors.

The research team found complete authentication bypasses in all tested platforms. Check Point’s Harmony SASE contained hard-coded encryption keys that exposed customer data through diagnostic logs. Zscaler’s SAML implementation failed to validate signatures, allowing attackers to forge authentication tokens. Netskope suffered from cross-tenant vulnerabilities that let attackers compromise any organization using leaked enrollment tokens.

Continue reading on Network World.
