Symantec Access Management

SSO Hardening & Session Security 

08-06-2016 12:50 PM

Misconfiguration ranks within the Open Web Application Security Project (OWASP) top 5. Implementing the proper countermeasures will help in hardening the CA SSO (formerly SiteMinder) infrastructure. This has been a hot topic out there in the field, so I decided to put together this document. It also goes into session security and the different ways to mitigate session replay attacks.

Attachment(s)
pdf file
CA SSO Hardeningv2.pdf   424 KB   1 version
Uploaded - 05-29-2019

Comments

11-08-2016 10:43 AM

Thanks Steve! Great input and a nice addition to the document. I will certainly add this to the next revision.

11-02-2016 12:05 PM

This is very helpful. In addition, the login.fcc file provided with the 12.5 release has a style & script section to protect against Cross Site Scripting and the 'AUTOCOMPLETE=off' attribute on the input fields.
