REQ.226 Avoid account lockouts

This document contains the details of the security requirements related to the definition and management of the authentication process in the organization. This requirement establishes the importance of preventing denial-of-service attacks by avoiding account lockouts.

Requirement

The system must never block a user account after one or several failed authentication attempts.
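One way to meet this requirement while keeping the anti-automation that the ASVS reference calls for is to delay repeated failures per (account, source) pair instead of locking the account. The sketch below is an added example, not code from this document; the class and function names, the delay values, the `verify` callable and the sample addresses are all assumptions made for illustration.

```python
class LoginThrottle:
    """Delays repeated failures per (account, source); the account itself is never locked."""

    def __init__(self, base_delay=1.0, max_delay=60.0, free_attempts=3):
        self.base_delay = base_delay        # first delay, in seconds
        self.max_delay = max_delay          # cap, so the wait always expires
        self.free_attempts = free_attempts  # failures allowed before any delay
        self._state = {}                    # (user, source) -> (failures, not_before)

    def retry_after(self, user, source, now):
        """Seconds this source must still wait before trying this account."""
        _, not_before = self._state.get((user, source), (0, 0.0))
        return max(0.0, not_before - now)

    def record_failure(self, user, source, now):
        failures = self._state.get((user, source), (0, 0.0))[0] + 1
        over = failures - self.free_attempts
        # Exponential backoff, bounded twice: exponent (no overflow) and max_delay.
        delay = min(self.max_delay, self.base_delay * 2 ** min(over - 1, 30)) if over > 0 else 0.0
        self._state[(user, source)] = (failures, now + delay)

    def record_success(self, user, source):
        self._state.pop((user, source), None)


def login(throttle, verify, user, password, source, now):
    """Returns (status, seconds_to_wait); verify(user, password) -> bool comes from the caller."""
    wait = throttle.retry_after(user, source, now)
    if wait > 0:
        return ("throttled", wait)   # rejected before the credential check
    if verify(user, password):
        throttle.record_success(user, source)
        return ("ok", 0.0)
    throttle.record_failure(user, source, now)
    return ("denied", throttle.retry_after(user, source, now))


def demo():
    # Constructed scenario: one source guesses passwords for "alice" in quick
    # succession, then alice signs in from a different source.
    throttle = LoginThrottle()
    verify = lambda u, p: (u, p) == ("alice", "correct horse")  # stand-in verifier
    guesses = [login(throttle, verify, "alice", "guess", "203.0.113.9", i * 0.1)[0]
               for i in range(6)]
    owner = login(throttle, verify, "alice", "correct horse", "198.51.100.7", 0.6)
    return guesses, owner


if __name__ == "__main__":
    print(demo())
```

Because the throttle is keyed on the source as well as the account, a flood of bad guesses from one client cannot deny service to the account owner signing in from elsewhere. Guessing spread across many sources needs additional controls, and a production version would also expire old entries from the state table.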

References

  1. OWASP-ASVS v3.1-2.20 Verify that anti-automation is in place to prevent breached credential testing, brute forcing, and account lockout attacks.

