Line 139: | Line 139: | ||
The second issue can be verified by modifying the token/crumb to any other value. Try replacing the value with "123". The application should either return an error message or just not perform the action that you requested with that form. If the application does perform the requested action with the "123" token value then we have a finding. | The second issue can be verified by modifying the token/crumb to any other value. Try replacing the value with "123". The application should either return an error message or just not perform the action that you requested with that form. If the application does perform the requested action with the "123" token value then we have a finding. | ||
==Test: Account Lockout== | ==Test: Account Lockout -- INACTIVE == | ||
Note: We are altering the process for handling account lockout. | |||
'''Whiteboard Code:''' infrasec-qa:auth | '''Whiteboard Code:''' infrasec-qa:auth | ||
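Review bot: The note added under the renamed "Test: Account Lockout -- INACTIVE" heading says the process is being altered but does not tell a tester what to do in the meantime: whether the lockout test should be skipped entirely, and where the replacement process will be documented. Suggest stating that explicitly in the note. Renaming the heading also changes the section anchor, so any links pointing at the old "Test: Account Lockout" section will need updating, and the new heading has a space before the closing "==" that the previous heading did not have.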