prevent username enumeration
cottsak committed Aug 9, 2016
1 parent a7dadf8 commit 789847d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion security-checklist.md
Expand Up @@ -17,7 +17,7 @@
- [ ] Check for randomness of reset password token in the emailed link or SMS.
- [ ] Set an expiration on the reset password token for a reasonable period.
- [ ] Expire the reset token after it has been successfully used.

- [ ] Ensure that login and password reset pages prevent [enumeration attacks](https://www.owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002)).

##### USER DATA & AUTHORIZATION
- [ ] Any resource access like, `my cart`, `my history` should check the logged in user's ownership of the resource using session id.
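Review bot: the new item `- [ ] Ensure that login and password reset pages prevent [enumeration attacks](...)` states the goal but not what a reviewer should actually verify, so it is hard to tick off consistently; consider spelling out the observable criteria in the item itself, e.g. the same message, status code and response time whether or not the account exists, and widening the scope to registration and "forgot username" flows, which leak the same information as login and reset pages. The hunk header (`-17,7 +17,7`, 1 addition and 1 deletion) also shows a line was replaced rather than added, but this rendered view carries no `+`/`-` markers, so the previous wording cannot be compared here.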
