Confirmed users
491
edits
WebAppSec/Secure Coding QA Checklist: Difference between revisions
Jump to navigation
Jump to search
WebAppSec/Secure Coding QA Checklist (view source)
Revision as of 17:47, 24 September 2010
, 24 September 2010→Test: Account Lockout
| Line 152: | Line 152: | ||
Alternatively a site could require a user to complete a CAPTCHA before continuing to authenticate. The CAPTCHA should be presented to the user after 5 incorrect password attempts. | Alternatively a site could require a user to complete a CAPTCHA before continuing to authenticate. The CAPTCHA should be presented to the user after 5 incorrect password attempts. | ||
==Test: X-Frame-Options== | |||
'''Whiteboard Code:''' infrasec-qa:crossdomain | |||
==='''Test'''=== | |||
Is the X-Frame-Options header used to prevent malicious framing of the website? | |||
===Testing Scope=== | |||
* All HTML pages on the site. Supporting content, such as css, js, or images do not need to have the X-Frame-Options header. | |||
===Desired System Behavior=== | |||
=Other Resources= | =Other Resources= | ||