CheatSheetSeries icon indicating copy to clipboard operation
CheatSheetSeries copied to clipboard

Published 20 hours ago verified publisher icon OWASP

Update: Credential_Stuffing_Prevention_Cheat_Sheet

Open SCFTW opened this issue 5 months ago • 3 comments

What is missing or needs to be updated?

A couple of suggestions for the Credential Stuffing cheat sheet:

  1. MFA section should link to MFA cheat sheet (reciprocating the link to cred stuffing from MFA)
  2. With 2023 expansion in support for FIDO2 passkeys, the line that MFA may not be practical should be replaced with suggestion of passkeys to prevent cred stuffing.

How should this be resolved?

Changes suggested inline above. Could also mention FIDO UAF or U2F device bound software or hardware passkeys as well- not sure if this is getting too far into the weeds for a cheat sheet?

SCFTW avatar Feb 07 '24 19:02 SCFTW

I like all of these ideas, PR!

jmanico avatar Feb 07 '24 20:02 jmanico

@SCFTW awesome issue. Do you want to make a PR for this?

mackowski avatar Feb 18 '24 16:02 mackowski

I'm working on these and a few other minor updates to the cred stuffing CS.

SCFTW avatar Mar 15 '24 13:03 SCFTW