Authentication and session management:
- Make usernames, passwords and authentication data case sensitive and unique for each user
- Use a complex password policy: upper and lower case letters with special characters
- Long passphrases are better than a regular complex password because they are unique and easy to remember
- Forbid the use of common passwords, e.g. password123
- Use a strong hashing algorithm such as SHA-2 or bcrypt
- Limit session expiration time
- Use generic error messages for incorrect login attempts to avoid revealing information an attacker can use during their enumeration process
- Use HTTP Strict Transport Security [HSTS], which forces browsers to use HTTPS even when an unsecured HTTP request is made
- Always set the HttpOnly and Secure cookie attributes

#infosec #websecurity #owasp
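The checklist above, worked through as one small login module. This is an added example, not code from the original post: it enforces the password policy with a passphrase exception and a constructed common-password blocklist, stores passwords with salted PBKDF2-HMAC-SHA256 from the standard library (a SHA-2 based slow hash; bcrypt would need a third-party package, and a plain unsalted SHA-2 digest is fast to brute-force so it should only be used inside such a construction), returns the same generic message and pays the same hashing cost for an unknown user as for a wrong password, expires sessions, and emits the HSTS and cookie headers. The names (`register`, `login`, `session_user`, `security_headers`), the 12-character minimum, the 15-minute session TTL and the blocklist contents are assumptions made for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import re
import time

# Constructed blocklist for the example; a real deployment loads a large
# breached-password list instead.
COMMON_PASSWORDS = {"password", "password123", "123456", "qwerty", "letmein"}
PBKDF2_ITERATIONS = 600_000          # OWASP guidance for PBKDF2-HMAC-SHA256
SESSION_TTL_SECONDS = 15 * 60        # assumed session lifetime
GENERIC_LOGIN_ERROR = "Invalid username or password"

USERS: dict[str, str] = {}                        # username (case sensitive) -> stored hash
SESSIONS: dict[str, tuple[str, float]] = {}       # token -> (username, expires_at)


def password_policy_errors(password: str) -> list[str]:
    """Return the policy rules a candidate password violates (empty list = accepted).
    A long passphrase passes on length alone; shorter passwords must mix cases
    and include a special character. Common passwords are always rejected."""
    errors = []
    if password.lower() in COMMON_PASSWORDS:
        errors.append("common password")
    if len(password) >= 20:
        return errors                # passphrase: length is the policy
    if len(password) < 12:
        errors.append("shorter than 12 characters")
    if not re.search(r"[A-Z]", password):
        errors.append("no upper-case letter")
    if not re.search(r"[a-z]", password):
        errors.append("no lower-case letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        errors.append("no special character")
    return errors


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'iterations$salt_hex$hash_hex'."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)   # constant-time compare


# Hashed once at import; used so unknown usernames cost the same as wrong passwords.
DUMMY_HASH = hash_password("dummy-password-for-timing")


def register(username: str, password: str) -> None:
    if username in USERS:            # exact, case-sensitive match
        raise ValueError("username already taken")
    errors = password_policy_errors(password)
    if errors:
        raise ValueError("password rejected: " + ", ".join(errors))
    USERS[username] = hash_password(password)


def login(username: str, password: str, now: float | None = None) -> tuple[str | None, str | None]:
    """Return (session_token, None) on success or (None, GENERIC_LOGIN_ERROR) on failure.
    The message never says whether the username or the password was wrong."""
    now = time.time() if now is None else now
    stored = USERS.get(username, DUMMY_HASH)
    if not (verify_password(password, stored) and username in USERS):
        return None, GENERIC_LOGIN_ERROR
    token = os.urandom(32).hex()     # 256-bit random session identifier
    SESSIONS[token] = (username, now + SESSION_TTL_SECONDS)
    return token, None


def session_user(token: str, now: float | None = None) -> str | None:
    """Resolve a session token to a username, dropping it once it has expired."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(token)
    if entry is None:
        return None
    username, expires_at = entry
    if now >= expires_at:
        del SESSIONS[token]          # expired sessions cannot be reused
        return None
    return username


def security_headers(session_token: str) -> dict[str, str]:
    """Response headers a login handler should send: HSTS plus a hardened cookie."""
    return {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Set-Cookie": (f"session={session_token}; HttpOnly; Secure; SameSite=Strict; "
                       f"Max-Age={SESSION_TTL_SECONDS}; Path=/"),
    }


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    token, err = login("alice", "correct horse battery staple")
    print("login:", "ok" if token else err)
    print("wrong user:", login("Alice", "correct horse battery staple")[1])
    print(security_headers(token))
```

The `now` parameter on `login` and `session_user` exists so expiry can be tested deterministically; a real handler leaves it at the default. Note that a case-sensitive lookup means `Alice` and `alice` are different accounts, which is what the first checklist item asks for.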