Symantec Access Management


SSO Hardening & Session Security 

Aug 06, 2016 12:50 PM

Misconfiguration ranks within the top 5 risks listed by the Open Web Application Security Project (OWASP). Implementing the proper countermeasures will help harden the CA SSO (formerly SiteMinder) infrastructure. This has been a hot topic out in the field, so I decided to put together this document. It also covers session security and the different ways to mitigate session replay attacks.

Attachment(s)
pdf file
CA SSO Hardeningv2.pdf   424 KB   1 version
Uploaded - May 29, 2019

Comments

Nov 08, 2016 10:43 AM

Thanks Steve! Great input and a nice addition to the document. I will certainly add this to the next revision.

Nov 02, 2016 12:05 PM

This is very helpful. In addition, the login.fcc file provided with the 12.5 release has a style & script section to protect against Cross Site Scripting and the 'AUTOCOMPLETE=off' attribute on the input fields.
