Folks, If you are into AppSec and CAS, you will likely be interested in this recent OWASP presentation: https://www.youtube.com/watch?v=Zf9xSsRHRNo
The CAS AppSec WG is maintaining artifacts useful for thinking about the security posture of CAS: https://wiki.jasig.org/display/CAS/CAS+Threat+Modeling We have also proposed a number of security improvements: https://wiki.jasig.org/display/CAS/Proposals+to+mitigate+security+risks If you are interested in contributing to this work please let me know. We meet every other Tuesday for an hour. InfoSec/AppSec folks are particularly encouraged to participate. If you are a deployer, please forward this along to folks at your organization that might fit this role but aren't likely to be on cas-user or cas-dev. Best, Bill Thompson IAM Practice Director Unicon -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
