This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Test Account Suspension/Resumption Process (OTG-IDENT-007)

From OWASP
Revision as of 11:36, 6 November 2013 by Andrew Muller (talk | contribs) (Created page with "== Summary == Larger and more mature applications are able to suspend and resume user access to protect the system while the user is on extended leave. Suspension and resum...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Summary

Larger and more mature applications are able to suspend and resume user access to protect the system while the user is on extended leave.

Suspension and resumption of access due to exceeding the number of unsuccessful authentication attempts.

Test objectives

Verify the identity requirements for user registration align with business/security requirements

Validate the registration process

How to test

  1. Verify the identity requirements for user registration align with business/security requirements
    1. Can anyone register for access?
    2. Are registrations vetted by a human prior to provisioning, or are they automatically granted if the criteria are met?
    3. Can the same person/identity register multiple times?
    4. What proof of identity is required for a registration to be successful?
    5. Are registered identities verified?
  1. Validate the registration process

Example

Tools

References

Remediation

Implement identification and verification requirements that correspond to the security requirements of the information the credentials protect.