Testing TeamMentor's password reset feature now with token stored as a Hash
By Dinis Cruz Blog, on [2013-03-28] at 16:51:06
Summary: In the post "The Power of UnitTests when refactoring code for example Security Pages" I showed TeamMentor's new password reset feature. This post shows an updated version of it, which now stores the password reset tokens using PBKDF2 hashing.

To start, open TBot and click on the New Random User link, which will quickly create a test user for us to use.

Copy the email address and use it on the passwordForgot page (link available from the login dialog page).

Once the email is submitted, you can go to TBot's View Emails Sent page, where you can see the email that was supposed to be sent to the user (the SMTP password is not set up on this server, which is why the email was not sent and is shown in red).

Here is the email sent to the user with the password reset details:

Hi FName LName, a password reminder was requested for your account. You can change the password of your test_user_SiZif account using https://teammentor-33-ci.azurewebsites.net:443/passwordReset/test_user_SiZif/762cb15a-fa30-44f9-bcdc-1393c487bbc6 If you didn't make this request, please let us know at support@teammentor.net.

Copy the password reset URL, open it in the browser and set a password.

Once the password is successfully changed, you can log in as that user.

Another way to test this feature is to go to TBot's Current Users page, select the desired user, and click on the open password reset page link. This opens the password reset page for this user with a valid token, which can only be used once.

Note that if you open the Raw Xml Data page for this user, you will see that the password token is stored as a long hash, very similar to the password one.
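The storage pattern described above, as an added Python sketch that is not TeamMentor's own code: the GUID-style token appears only in the e-mailed link, the server keeps a salt and a PBKDF2 hash of it, and a successful reset consumes the record. The class name, the random per-token salt, SHA-256 and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os
import uuid

ITERATIONS = 20_000  # assumed work factor, chosen for the example only


class ResetTokenStore:
    """Hypothetical store: keeps salt + PBKDF2 hash, never the raw token."""

    def __init__(self):
        self._records = {}  # username -> (salt, token_hash)

    @staticmethod
    def _hash(token, salt):
        return hashlib.pbkdf2_hmac("sha256", token.encode(), salt, ITERATIONS)

    def issue(self, username):
        """Create a token for the reset link; persist only its hash."""
        token = str(uuid.uuid4())  # random GUID, same shape as in the e-mail
        salt = os.urandom(16)
        # A new request overwrites any earlier, still unused token.
        self._records[username] = (salt, self._hash(token, salt))
        return token

    def redeem(self, username, token):
        """Return True once for the right token, False in every other case."""
        record = self._records.get(username)
        if record is None:
            return False
        salt, stored = record
        # Constant-time comparison of the stored and recomputed hashes.
        if not hmac.compare_digest(stored, self._hash(token, salt)):
            return False
        del self._records[username]  # single use: consume on success
        return True

    def stored_hash(self, username):
        """What a raw data view of the user record would expose (hex)."""
        return self._records[username][1].hex()


if __name__ == "__main__":
    store = ResetTokenStore()
    link_token = store.issue("test_user_example")  # constructed user name
    print("stored :", store.stored_hash("test_user_example"))
    print("first  :", store.redeem("test_user_example", link_token))
    print("replay :", store.redeem("test_user_example", link_token))
```

Anyone who can read the stored user record sees only the hash, so a leaked record does not yield a working reset link.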