OWASP Annotated Application Security Verification Standard
latest
Browse by chapter:
1 Architecture, Design and Threat Modeling
2 Authentication
2.1 Password Security Requirements
2.2 General Authenticator Requirements
2.3 Authenticator Lifecycle Requirements
2.4 Credential Storage Requirements
2.5 Credential Recovery Requirements
2.6 Look-up Secret Verifier Requirements
2.7 Out of Band Verifier Requirements
2.7.1 Clear text out of band authenticators are not offered by default
2.7.2 Out of band authentication requests expire after 10 minutes
2.7.3 Out of band authentication requests are usable once
2.7.4 Out of band authenticators communicate over a secure independent channel
2.7.5 TODO
2.7.6 TODO
2.8 Single or Multi Factor One Time Verifier Requirements
2.9 Cryptographic Software and Devices Verifier Requirements
2.10 Service Authentication Requirements
3 Session Management
4 Access Control
5 Validation, Sanitization and Encoding
6 Stored Cryptography
7 Error Handling and Logging
8 Data Protection
9 Communications
10 Malicious Code
11 Business Logic
12 Files and Resources
13 API and Web Service
14 Configuration
OWASP Annotated Application Security Verification Standard
Docs
»
2 Authentication
»
2.7 Out of Band Verifier Requirements
2.7 Out of Band Verifier Requirements
ΒΆ
Browse by item:
2.7.1 Clear text out of band authenticators are not offered by default
2.7.2 Out of band authentication requests expire after 10 minutes
2.7.3 Out of band authentication requests are usable once
2.7.4 Out of band authenticators communicate over a secure independent channel
2.7.5 TODO
2.7.6 TODO