Misconfiguration is within the top 5 of the Open Web Application Security Project (OWASP). Implementing the proper countermeasures will help in hardening the CA SSO (formerly SiteMinder) infrastructure. This has been a hot topic out there in the field so I decided to put together this document. It also goes into session security and the different ways to mitigate session replay attacks.
Thanks Steve! Great input and a nice addition to the document. I will certainly add this to the next revision.
This is very helpful. In addition, the login.fcc file provided with the 12.5 release has a style & script section to protect against Cross-Site Scripting and the 'AUTOCOMPLETE=off' attribute on the input fields.