comments (not for humans)

The 9th item on the OWASP Top 10 is A9 - Insufficient Transport Layer Protection. This is mostly a browser to server and server to server issue.


[...]
Michael Sutton has written a good post on Extended Validation (EV) SSL certificates: Will EV SSL Certificates Work?. Definitely worth a read.[...]
If you set connectionProtection to "Secure" on the membership provider in your web.config you may get an error in the event log saying "8009030e No credentials are available in the security package". This is because there is no suitable certificate installed on the server that ADAM can use. This blog-entry will try to help you resolve this issue.
[...]