REQ.223 Uniform distribution in random numbers

This document details the security requirements for defining and managing random numbers in the application and the system. This requirement establishes the importance of generating random numbers using a uniform distribution.


System random numbers must be generated using a uniform distribution.


  1. OWASP-ASVS v3.1-7.6 Verify that all random numbers, random file names, random GUIDs, and random strings are generated using the cryptographic module’s approved random number generator when these random values are intended to be not guessable by an attacker.

  2. OWASP-ASVS v3.1-7.15 Verify that random numbers are created with proper entropy even when the application is under heavy load, or that the application degrades gracefully in such circumstances.
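The following is an added example, not part of the original requirement. It shows how reducing output from a cryptographic random number generator with `%` breaks the uniform distribution the requirement asks for, and how rejection sampling restores it. All function names are assumptions chosen for illustration, and the 10-symbol alphabet is a constructed case.

```python
import os
from collections import Counter


def modulo_counts(n):
    """Count how often each result occurs when every possible byte is reduced with % n."""
    return Counter(b % n for b in range(256))


def rejection_counts(n):
    """Same enumeration, but bytes at or above the largest multiple of n are discarded."""
    limit = 256 - (256 % n)
    return Counter(b % n for b in range(256) if b < limit)


def uniform_below(n, rand_bytes=os.urandom):
    """Return a uniformly distributed integer in [0, n), 1 <= n <= 256.

    rand_bytes defaults to the operating system CSPRNG; it is a parameter
    only so the rejection step can be exercised with fixed bytes.
    """
    if not 1 <= n <= 256:
        raise ValueError("n must be between 1 and 256")
    limit = 256 - (256 % n)          # largest multiple of n that fits in a byte
    while True:
        b = rand_bytes(1)[0]
        if b < limit:                # accept only bytes from the unbiased range
            return b % n


def random_string(length, alphabet):
    """Build a string whose characters are each drawn uniformly from alphabet."""
    return "".join(alphabet[uniform_below(len(alphabet))] for _ in range(length))


if __name__ == "__main__":
    # Constructed case: a 10-symbol alphabet (decimal digits).
    print("modulo   :", sorted(modulo_counts(10).items()))
    print("rejection:", sorted(rejection_counts(10).items()))
    print("sample   :", random_string(16, "0123456789"))
```

In production Python code, the standard library functions `secrets.randbelow` and `secrets.choice` already return uniformly distributed values from the system CSPRNG.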

