Security misconfiguration ranks within the top 5 of the Open Web Application Security Project (OWASP) list. Implementing the proper countermeasures helps harden the CA SSO (formerly SiteMinder) infrastructure. This has been a hot topic in the field, so I decided to put together this document. It also covers session security and the different ways to mitigate session replay attacks.