Confirmed users
491
edits
WebAppSec/Secure Coding QA Checklist: Difference between revisions
WebAppSec/Secure Coding QA Checklist (view source)
Revision as of 17:44, 24 September 2010
, 24 September 2010→Desired System Behavior
No edit summary |
|||
| Line 151: | Line 151: | ||
The system locks the account for at least 1 hr after 5 failed login attempts. This can be easily tested by providing 5 incorrect passwords and then providing the correct password for the 6th try. The account should be locked and the 6th attempt should be denied access. | The system locks the account for at least 1 hr after 5 failed login attempts. This can be easily tested by providing 5 incorrect passwords and then providing the correct password for the 6th try. The account should be locked and the 6th attempt should be denied access. | ||
Alternatively a site could require a user to complete a CAPTCHA before continuing to authenticate. | Alternatively a site could require a user to complete a CAPTCHA before continuing to authenticate. The CAPTCHA should be presented to the user after 5 incorrect password attempts. | ||
=Other Resources= | =Other Resources= | ||