Security By Design: SSO
This document explores single sign-on (SSO) architectural design patterns and security considerations for financial web applications. It begins by highlighting the business need for SSO to integrate multiple systems. The document then covers various SSO use cases and design options, including the use of encrypted tokens or a security token service. It further addresses key security aspects such as input validation, session management, authentication, authorization, and other controls. Additionally, it provides threat models, including examples of attack trees and misuse cases related to SSO architectures. Finally, the document presents a security risk framework to guide the secure design of SSO solutions.
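The token-based design option mentioned above can be made concrete with a small model of a security token service (STS) issuing a token that a relying application validates before establishing its own session. The code below is an added example and is not from the presentation; it assumes a symmetric HMAC-SHA256 key shared between the STS and each relying application (a signed rather than encrypted token, so claims are integrity-protected but readable; encrypting them would need an AEAD on top), and it borrows the `iss`/`sub`/`aud`/`iat`/`exp`/`jti` claim names from the JWT convention without being a JWT. The issuer URL, audience names and user names are placeholders.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class SecurityTokenService:
    """Issues short-lived, HMAC-signed tokens. Assumption: the key is
    shared out of band with every relying application (symmetric deployment)."""

    def __init__(self, issuer: str, key: bytes, ttl_seconds: int = 300):
        self.issuer = issuer
        self.key = key
        self.ttl = ttl_seconds

    def issue(self, subject: str, audience: str, roles: list, now=None) -> str:
        now = int(time.time() if now is None else now)
        claims = {
            "iss": self.issuer,       # who issued the token
            "sub": subject,           # authenticated user
            "aud": audience,          # the one application allowed to accept it
            "roles": roles,           # authorization data carried across the boundary
            "iat": now,
            "exp": now + self.ttl,    # short lifetime limits the replay window
            "jti": secrets.token_hex(16),  # unique id so a token can be used once
        }
        payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
        tag = hmac.new(self.key, payload, hashlib.sha256).digest()
        return f"{_b64e(payload)}.{_b64e(tag)}"


class RelyingApp:
    """Validates an STS token before creating a local session.
    Rejections raise ValueError with a reason (log it, never echo it)."""

    def __init__(self, audience: str, trusted_issuer: str, key: bytes, clock_skew: int = 30):
        self.audience = audience
        self.trusted_issuer = trusted_issuer
        self.key = key
        self.skew = clock_skew
        self._seen_jti = {}  # jti -> exp; replay cache, purged as tokens expire

    def validate(self, token: str, now=None) -> dict:
        now = int(time.time() if now is None else now)
        try:
            payload_b64, tag_b64 = token.split(".")
            payload, tag = _b64d(payload_b64), _b64d(tag_b64)
        except ValueError:  # wrong part count or bad base64 (binascii.Error is a ValueError)
            raise ValueError("malformed token")
        # Verify integrity BEFORE parsing: untrusted JSON is never interpreted.
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("bad signature")
        claims = json.loads(payload)
        if claims.get("iss") != self.trusted_issuer:
            raise ValueError("untrusted issuer")
        if claims.get("aud") != self.audience:
            raise ValueError("token not intended for this application")
        exp, iat, jti = claims.get("exp"), claims.get("iat"), claims.get("jti")
        if not isinstance(exp, int) or now > exp + self.skew:
            raise ValueError("token expired")
        if not isinstance(iat, int) or iat > now + self.skew:
            raise ValueError("token issued in the future")
        self._seen_jti = {j: e for j, e in self._seen_jti.items() if e + self.skew >= now}
        if not isinstance(jti, str) or jti in self._seen_jti:
            raise ValueError("token replayed")
        self._seen_jti[jti] = exp
        return claims  # caller now creates its own session from sub/roles


def rejection_reason(app: RelyingApp, token: str, now: int):
    """Helper for demonstrations: the reason a token is rejected, or None if accepted."""
    try:
        app.validate(token, now=now)
        return None
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    sts = SecurityTokenService("https://sts.example.internal", key)
    payments = RelyingApp("payments", "https://sts.example.internal", key)
    tok = sts.issue("alice", "payments", ["teller"])
    print(payments.validate(tok)["sub"])            # alice
    print(rejection_reason(payments, tok, int(time.time())))  # token replayed
```

The order of checks matters: the signature is verified on the raw bytes before anything is parsed, audience is checked so a token minted for one application cannot be presented to another, and the `jti` cache turns a leaked token into a single-use artefact for the remainder of its short lifetime.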
You can download the presentation slides from here