One of the recommendations I mention in OWASP TOP 10 2017 A2-Broken Authentication: Password Requirements is to provide guidance to your users when creating passwords. Here I attempt to explore some ways of implementing feedback to users on the strength of their passwords.
The new guidelines for password requirements say to drop all the complexity rules and to create a blocklist of weak, common, and compromised passwords that cannot be used when a user creates a new account. Here is a quick example of one way this could be implemented in CFML.
Continuing the series on the OWASP Top 10, we now look at the #2 OWASP vulnerability, which is Broken Authentication.
In this post, I will focus on the #1 OWASP vulnerability, which is Injection, and how to prevent it in CFML applications.