[OWASP_PHPSEC] testing code

Johanna Curiel johanna.curiel at owasp.org
Sun Jun 2 11:39:01 UTC 2013


Hi All

I hope we can have our bug tracking system soon; I'm awaiting OWASP to confirm so funds and the acquisition of a domain and server to be able to set up TRAC.

Regarding this part, has anyone tested the code so far?

Once we have our bug system in place, there will be no mercy ;-), I'll be testing...

regards 

Johanna

On 1 jun. 2013, at 21:08, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> Hi .. :)
> 
> Passwords are salted and hashed, recovery of password is impossible.
> As for brute force, this functionality will be built in "advanced pass mgt."
> 
> 
> 
> On Sat, Jun 1, 2013 at 9:04 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:
> account locks are necessary as a way to mitigate the use of brute force for logins
> 
> in which scenario will this be used, for example
> 
> an evil db admin who tries to decrypt passwords or brute force attacks on login attempt?
> 
> regards
> 
> Johanna
> 
> 
> 
> 
> On 31 mei 2013, at 23:13, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> 
> > Hi... I am still searching for this, but I thought it would be faster if I asked it here.
> >
> > Do you know any way to stop dictionary attacks? We can keep a list of dictionary words and see if the user-supplied password matches any of them. But other than this, do you suggest anything?
> >
> > --
> > Regards,
> > Rahul Chaudhary
> > Ph - 412-519-9634
> > _______________________________________________
> > OWASP_PHP_Security_Project mailing list
> > OWASP_PHP_Security_Project at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
> 
> 
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634