● Based on Kerberos
● Wide deployment and many eyeballs
● Reports of dynamic scans from time to time
● Maybe we should really check?
https://wiki.jasig.org/display/CAS/CAS+AppSec+Working+Group
● Use OWASP Resources and Libraries
● Threat Model
● Work with security researchers
● More details: https://www.owasp.org/index.php/Application_Threat_Modeling
● https://wiki.jasig.org/display/CAS/CAS+Threat+Modeling
[Diagram labels: Browser; HTTP(S) Request + ST; Application; CAS; Client; HTTP(S) + (Agent); Optional Session Cookie]
Find an open source project and volunteer!
Aaron Weaver