Hi guys,

Today I was thinking about what security issues CAS helps us to avoid, or the advantages for us of implementing CAS (in terms of security), and then I started searching for a list of the security risks to have in mind with a CAS implementation, and the topics that CAS covers.
Do we have a list for this, or a table? E.g.:

Threat | CAS protects us | Recommendation
SQL Injection | true | an advice
XSS | false | implement X or Y
Unvalidated Redirects | true
Hijack Session | ...
etc....

It would be nice to know what security risks are mitigated with the use of CAS, and also to have a guide to implementing it securely in our apps. A good start would be to match each feature, maybe with the OWASP Top 10 list <https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project>. I know not all of them apply to the goal of CAS, some of them are not valid for it, but for those that apply it will be good.

What do you think? Do we have something similar?

--
Carlos
