
Difference between revisions of "Talk:OWASP Proactive Controls"

(Edit summary of the older revision: Proposal for a regular expression for passwords)

(Edit summary of the latest revision: Differences in two versions.)

(4 intermediate revisions by 3 users not shown)

Text of the older revision, removed by the latest revision:

Hi Jim,

When looking at your project page, maybe I have something that you might be interested in.

A while ago, Torsten figured out how to write the password policy of Windows (3 out of 4) as a regular expression:

^(?:(?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))(?!.*(.)\1{2,})[A-Za-z0-9!~<>,;:_=?*+#."&§%°()\|\[\]\-\$\^\@\/]{8,32}$

A short explanation:

password length 8-32

Character set: A-Za-z0-9!/~<>,;:_=?*+-#."&§$%^°()[]|@

at least 3 out of 4 (uppercase and lowercase letters, numbers and special characters)

no more than 2 equal characters in a row (that's not Windows)

More on your document maybe later.

Best Regards,

Thomas

Text added by the latest revision:

== Differences in two versions. ==

I think you should mention the changes between the two versions of the Proactive Controls guide, with reasons.

OWASP does this in the OWASP Top 10. I think you should do the same thing in the Proactive Controls.

For example, I am wondering what the equivalent of C10 of the 2014 version is in 2016?
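Checking the quoted regex against the four rules in the explanation (length 8-32, the listed character set, 3 of 4 classes, no three equal characters in a row), as an added example that is not part of the talk page. The sample passwords are constructed, and `trailing_newline_pitfall` shows why the check must use `fullmatch` rather than `match` in Python.

```python
import re
import string

# Regex from the talk-page message above (the "3 out of 4" Windows-style policy).
PASSWORD_RE = re.compile(
    r"^(?:(?=.*\d)(?=.*[A-Z])(?=.*[a-z])"           # digit + upper + lower
    r"|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])"       # digit + special + lower
    r"|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])"    # special + upper + lower
    r"|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))"      # digit + upper + special
    r"(?!.*(.)\1{2,})"                              # no character 3+ times in a row
    r'[A-Za-z0-9!~<>,;:_=?*+#."&§%°()\|\[\]\-\$\^\@\/]{8,32}$'
)
SPECIALS = '!~<>,;:_=?*+#."&§%°()|[]-$^@/'   # specials from the message's character set
ALLOWED = set(string.ascii_letters + string.digits + SPECIALS)

def regex_check(pw: str) -> bool:
    # fullmatch, not match: in Python a bare `$` also matches just before a
    # trailing "\n", so re.match would accept "Passw0rd\n" (see below).
    return PASSWORD_RE.fullmatch(pw) is not None

def trailing_newline_pitfall(pw: str = "Passw0rd\n") -> bool:
    # Returns True: the same regex under re.match lets the trailing newline through.
    return PASSWORD_RE.match(pw) is not None

def policy_check(pw: str) -> bool:
    """The policy from the explanation written out explicitly, to cross-check the regex."""
    if not 8 <= len(pw) <= 32 or any(c not in ALLOWED for c in pw):
        return False
    groups = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)
    if sum(any(c in g for c in pw) for g in groups) < 3:
        return False
    return not any(pw[i] == pw[i + 1] == pw[i + 2] for i in range(len(pw) - 2))

# Constructed sample passwords (not from the page) with the expected verdict.
SAMPLES = {
    "Passw0rd": True,       # upper + lower + digit, exactly 8 characters
    "Pass!word": True,      # upper + lower + special
    "Aa1!" * 8: True,       # exactly 32 characters
    "Aa1!" * 9: False,      # 36 characters, too long
    "Abcdefgh": False,      # only two character classes
    "Passw0rd!!!": False,   # "!!!" is three equal characters in a row
    "Passw0rd\n": False,    # trailing newline is outside the character set
    "Pässw0rd": False,      # "ä" is outside the character set
}

def compare() -> dict:
    """Map each sample to (regex verdict, explicit verdict); both should equal SAMPLES[pw]."""
    return {pw: (regex_check(pw), policy_check(pw)) for pw in SAMPLES}
```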
 

Latest revision as of 16:03, 16 May 2016

Differences in two versions.

I think you should mention the changes between the two versions of the Proactive Controls guide, with reasons. OWASP does this in the OWASP Top 10. I think you should do the same thing in the Proactive Controls.

For example, I am wondering what the equivalent of C10 of the 2014 version is in 2016?