ASVS Requirement 6.6.4

• Level: 3
• Chapter: V6 Authentication
• Section: V6.6 Out-of-Band authentication mechanisms
• Source: 0x15-V6-Authentication.md

Description

Verify that, where push notifications are used for multi-factor authentication, rate limiting is used to prevent push bombing attacks. Number matching may also mitigate this risk.