REQ.134 Store passwords with salt

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of storing passwords securely using cryptographic functions to mask their content.

Requirement

The system must store passwords with different key derivations (salt).

References

  1. OWASP-ASVS v3.1-2.13 Verify that account passwords are one way hashed with a salt, and there is sufficient work factor to defeat brute force and password hash recovery attacks.

  2. OWASP-ASVS v3.1-2.21 Verify that all authentication credentials for accessing services external to the application are encrypted and stored in a protected location.
