Can you help me to understand the below queries?
What is the purpose of CryptoProvider in SiteMinder?
In a form-based auth scheme, where the posting happens to login.fcc, can the credentials be captured by a man-in-the-middle attack? I am trying to understand, on a client machine, how securely the credentials can be posted to login.fcc. I am aware that the SSL/TLS connection is there and a man-in-the-middle attack can be prevented. But on the client side, during "form posting", can the credentials be captured?
How effectively can SiteMinder be used to secure web applications? I am aware that CSS checks and bad-character checks are there. Can we list the ACO parameters that help in enhancing web app security?