[OWASP-TESTING] OWASP Testing - Authentication

Jean-Jacques Halans halans at gmail.com
Fri Sep 2 09:03:59 EDT 2005


As I started reading part 4 "Vulnerable remember password implementation",
I kinda expected something about "forgotten password" implementations,
but that is something different.
Maybe add something about "forgotten password" implementations (or
would that be covered somewhere else)?
Like weak "personal question/answer" combinations, reset password,
mailing (temp) password,...?

JJ

-- 
Halans Jean-Jacques



