WebAppSec/Secure Coding Guidelines: Difference between revisions

==Logging==
See [[Security/Users_and_Logs]]
=Admin Login Pages=
The following are blockers for any website using any admin page:
# Controls to prevent brute-force attacks. Options:
#* Account lockout
#* CAPTCHAs after 5 failed logins
#* IP restrictions for access to the admin page
# The admin page is exclusively accessed over HTTPS
# The session id cookie uses the Secure flag
# The session id cookie uses the HttpOnly flag
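The controls above, as an added example that is not part of the original guideline: a small guard that enforces an IP allowlist for the admin page, counts failed logins per account and locks (or challenges with a CAPTCHA) after 5 failures, plus a helper that emits the admin session cookie with Secure and HttpOnly set. The 15-minute lockout window, the cookie name and the `/admin` path are assumptions, not values from the guideline.

```python
import ipaddress
import time
from http.cookies import SimpleCookie

MAX_FAILED_LOGINS = 5       # threshold from the guideline: lockout/CAPTCHA after 5 failures
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window; the guideline does not fix one


class AdminLoginGuard:
    """Tracks failed logins per account and enforces lockout and an IP allowlist."""

    def __init__(self, allowed_networks, now=time.time):
        # IP restriction: only clients inside these networks may reach the admin page
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.failures = {}   # username -> (failure count, time of last failure)
        self.now = now       # injectable clock so the lockout expiry can be tested

    def ip_allowed(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        return any(addr in net for net in self.allowed)

    def is_locked(self, username):
        count, last = self.failures.get(username, (0, 0.0))
        if count < MAX_FAILED_LOGINS:
            return False
        if self.now() - last >= LOCKOUT_SECONDS:
            self.failures.pop(username, None)   # lockout window has expired
            return False
        return True

    def record_failure(self, username):
        count, _ = self.failures.get(username, (0, 0.0))
        self.failures[username] = (count + 1, self.now())

    def record_success(self, username):
        self.failures.pop(username, None)      # successful login resets the counter

    def needs_captcha(self, username):
        # CAPTCHA option: challenge once the failure threshold has been reached
        return self.failures.get(username, (0, 0.0))[0] >= MAX_FAILED_LOGINS


def admin_session_cookie(session_id):
    """Build the Set-Cookie value for the admin session id with Secure and HttpOnly set."""
    cookie = SimpleCookie()
    cookie["admin_session"] = session_id           # assumed cookie name
    cookie["admin_session"]["secure"] = True       # only sent over HTTPS
    cookie["admin_session"]["httponly"] = True     # not readable from script
    cookie["admin_session"]["path"] = "/admin"     # assumed admin path
    return cookie.output(header="").strip()
```

A server would call `ip_allowed` before rendering the admin page, `is_locked`/`needs_captcha` before checking credentials, and send the cookie value from `admin_session_cookie` in a `Set-Cookie` header after a successful login.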

=Further Reading=