[OWASP_PHPSEC] testing code

rahul chaudhary rahul300chaudhary400 at gmail.com
Sun Jun 2 22:22:06 UTC 2013


We are all testing our code for correctness with PHPUnit...

However, a security check from you and Abbas is due..:)


On Sun, Jun 2, 2013 at 7:39 AM, Johanna Curiel <johanna.curiel at owasp.org> wrote:

>
> Hi All
>
> I hope we can have our bug tracking system soon, I'm awaiting OWASP to
> confirm so funds and the acquisition of a domain and server to be able to
> set up TRAC
>
> Regarding this part, has anyone tested the code so far?
>
> Once we have our bug system in place, there will be no mercy ;-), I'll be
> testing...
>
> regards
>
> Johanna
>
> On 1 jun. 2013, at 21:08, rahul chaudhary <rahul300chaudhary400 at gmail.com>
> wrote:
>
> Hi .. :)
>
> Passwords are salted and hashed, recovery of password is impossible.
> As for brute force, this functionality will be built in "advanced pass mgt."
>
>
>
> On Sat, Jun 1, 2013 at 9:04 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:
>
>> account locks are necessary as a way to mitigate the use of brute force
>> for logins
>>
>> in which scenario will this be used, for example
>>
>> an evil db admin who tries to decrypt passwords or brute force attacks on
>> login attempt?
>>
>> regards
>>
>> Johanna
>>
>>
>>
>>
>> On 31 mei 2013, at 23:13, rahul chaudhary <rahul300chaudhary400 at gmail.com>
>> wrote:
>>
>> > Hi... I am still searching for this, but I thought it would be faster if
>> > I ask it here.
>> >
>> > Do you know any way to stop dictionary attacks? We can keep a list of
>> > dictionary words and see if user-supplied password matches any of them. But
>> > other than this, do you suggest anything?
>> >
>> > --
>> > Regards,
>> > Rahul Chaudhary
>> > Ph - 412-519-9634
>> > _______________________________________________
>> > OWASP_PHP_Security_Project mailing list
>> > OWASP_PHP_Security_Project at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>
>
>
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634