ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2614/rule.adoc

21 lines
923 B
Plaintext
Raw Normal View History

Add rules based on targeted languages and remove the empty one
2020-06-30 16:59:06 +02:00
Locking an account which has had too many sequential, failed login attempts within a short time can help resist brute force attacks. This rule raises an issue on authentication code so that such controls can be verified.
== Noncompliant Code Example
----
env.put(Context.SECURITY_PRINCIPAL, principal);
env.put(Context.SECURITY_CREDENTIALS, password);
DirContext ctx = new InitialDirContext(env); // Noncompliant
----
== See
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545)
2021-11-01 15:00:32 +01:00
* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures
Add rules based on targeted languages and remove the empty one
2020-06-30 16:59:06 +02:00
* https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication
Update CWE mapping (#534)
2021-10-28 10:07:16 +02:00
* https://cwe.mitre.org/data/definitions/307.html[MITRE, CWE-307] - Improper Restriction of Excessive Authentication Attempts
Add rules based on targeted languages and remove the empty one
2020-06-30 16:59:06 +02:00
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
Reference in New Issue Copy Permalink