- AntiXSS Library upgraded from version 1.5 to 4.2.1
- WebPortal web.config changed to force framework to use AntiXSS
- Obsolete AntiXss.HtmlEncode calls replaced with Microsoft.Security.Application.Encoder.HtmlEncode
- All authentication-related cookies tagged as httpOnly
- web.config: enableVersionHeader=false
- Autocomplete disabled
- Login URL injection redirection fixed
- Session hijacking protection implemented
- Don't forget to enable SSL (HTTPS) on your website and to change requireSSL="false" to requireSSL="true"
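
For reference, the web.config settings named in this list look roughly like the fragment below. It is an added illustration, not the project's own web.config: the element placement, the use of Forms authentication and the AntiXssEncoder type name (as shipped in AntiXSS 4.x for ASP.NET 4.0 and later) are assumptions.

```xml
<!-- Added illustration; layout is assumed, not copied from the project's web.config. -->
<configuration>
  <system.web>
    <!-- encoderType makes the framework's built-in HTML/URL encoding go through AntiXSS
         (assumed type name from AntiXSS 4.x, requires ASP.NET 4.0 or later).
         enableVersionHeader="false" stops ASP.NET from sending the X-AspNet-Version
         response header. -->
    <httpRuntime
        encoderType="Microsoft.Security.Application.AntiXssEncoder, AntiXssLibrary"
        enableVersionHeader="false" />

    <!-- httpOnlyCookies="true" keeps cookies out of reach of client-side script.
         requireSSL="true" adds the Secure flag so cookies are sent over HTTPS only;
         turn it on only after the site is actually served over HTTPS, otherwise
         logins over plain HTTP will stop working. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />

    <!-- Assumed: Forms authentication. The authentication ticket cookie has its own
         requireSSL switch, which is the setting to change from "false" to "true". -->
    <authentication mode="Forms">
      <forms requireSSL="true" />
    </authentication>
  </system.web>
</configuration>
```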