[OWASP-TESTING] OWASP Testing - Authentication
irene.abezgauz at gmail.com
Fri Sep 2 12:33:36 EDT 2005
I was really looking forward to taking the "forgotten password" section
as it's one my favorites during testing.
However, it's already taken.
If it isn't - I'd want to do it.
Application Security Consultant
From: Jean-Jacques Halans [mailto:halans at gmail.com]
Sent: Friday, September 02, 2005 3:04 PM
To: Irene Abezgauz
Cc: owasp-testing at lists.sourceforge.net
Subject: Re: [OWASP-TESTING] OWASP Testing - Authentication
As I started reading part 4 "Vulnerable remember password
I kinda expected something about "forgotten password" implementations,
but which is something different.
Maybe add something about "forgotten password" implementations (or
would that be covered somewhere else)?
Like weak "personal question/answer" combinations, reset password,
mailing (temp) password,...?
More information about the Owasp-testing