
US-CERT – Risks of Default Passwords on the Internet.

This SANS whitepaper discusses vendor-supplied passwords that are embedded in software/hardware. SANS Whitepaper – Vendor-Supplied Backdoor Passwords – A Continuing Vulnerability.

This is a sample password protection policy from SANS.

This SANS guideline provides best practices for creating secure passwords. SANS – Password Construction Guidelines.

This link discusses the process of testing web applications for default credentials. Open Web Application Security Project (OWASP) – Testing for Default Credentials.

The scope of this test is to verify if it is possible to collect a set of valid usernames by interacting with the authentication mechanism of the application. Open Web Application Security Project (OWASP) – Testing for Account Enumeration and Guessable User Account.

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items.

This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.

Consolidation of default passwords for commercial software and hardware products.
