ASVS Requirement 6.3.8

• Level: 3
• Chapter: V6 Authentication
• Section: V6.3 General Authentication Security
• Source: 0x15-V6-Authentication.md

Description

Verify that valid users cannot be deduced from failed authentication challenges, such as by basing on error messages, HTTP response codes, or different response times. Registration and forgot password functionality must also have this protection.