[OWASP-TESTING] OWASP Testing - Authentication

Irene Abezgauz irene.abezgauz at gmail.com
Fri Sep 2 12:33:36 EDT 2005


I was really looking forward to taking the "forgotten password" section
as it's one of my favorites during testing.
However, it's already taken.

If it isn't - I'd want to do it.

Irene

Irene Abezgauz
Application Security Consultant
Hacktics Ltd.
Mobile: +972-54-6545405
Web: www.hacktics.com
 

-----Original Message-----
From: Jean-Jacques Halans [mailto:halans at gmail.com] 
Sent: Friday, September 02, 2005 3:04 PM
To: Irene Abezgauz
Cc: owasp-testing at lists.sourceforge.net
Subject: Re: [OWASP-TESTING] OWASP Testing - Authentication

As I started reading part 4 "Vulnerable remember password
implementation",
I kinda expected something about "forgotten password" implementations,
which is something different.
Maybe add something about "forgotten password" implementations (or
would that be covered somewhere else)?
Like weak "personal question/answer" combinations, reset password,
mailing (temp) password,...?

JJ

-- 
Halans Jean-Jacques
