Skip to content

Commit

Permalink
Merge pull request #426 from bugcrowd/Weak-Login-Function-Intended-Pu…
Browse files Browse the repository at this point in the history 
…blic-Access

Updated recommendation for Weak login function for non-operational en…
  • Loading branch information
@RRudder
RRudder committed May 15, 2024
2 parents bef8236 + 96f6833 commit 8690d8b
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions ...n_and_session_management/weak_login_function/not_operational/recommendations.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@

Weak login function can be remediated by implementing a handful of best practices relating to authentication and session management to ensure secure implementation. These include:

- Removing or restricting public access to endpoints that are not operational
- If the endpoint is intended for public access, consider using multi-factor authentication (MFA), to reduce the risk of unauthorized access
- Enabling HTTPS for the login page and all subsequent authenticated pages
- Disable the option of forcing a HTTP connection by browsers
- Implement the HTTP Strict Transport Security (HSTS) header
Expand Down

0 comments on commit 8690d8b

Please sign in to comment.