The Weak Password assertion checks whether the password you have used follows standard rules for password security.
Availability
The assertion is available only in security tests. Use this assertion with the Weak Authentication security scan.
Create an assertion
Follow these steps:
- Open a security test.
- Click Response Assertion next to the Weak Authentication scan.
- Click in the Assertions panel
- In the New Assertions dialog, search for the Weak Password assertion or select it manually in the Security category.
Setting up properties
Specify your requirements for password complexity.
Here are the options you can set:
Option | Description | Example |
---|---|---|
Minimum length | Sets the minimum length of a password. | alongpassword |
No QWERTY | Forbids keyboard character sequences. | qwer asdf |
No Alphabetical | Forbids alphabetical sequences. | abc ABC |
No Numerical Sequences | Forbids number sequences. | 1234 789 |
No Repeated Characters | Forbids repeated characters. | AAA 111 |
Digits | Sets the minimum number of digits. | 0-9 |
Non-Alphanumeric | Sets the minimum number of non-alphanumeric characters. | !"£$%^&*() |
Uppercase | Sets the required number of uppercase characters. | A-Z |
Lowercase | Sets the required number of lowercase characters. | a-z |
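The options above, sketched as a standalone Python checker that reports which rules a candidate password violates. This is an added example, not the tool's own implementation; the name `check_password`, the default values, the 3-character sequence threshold, the keyboard rows, and treating the character-class settings as minimum counts are assumptions.

```python
import re

# Assumptions: the page states neither the keyboard layout nor the run length.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
RUN = 3  # the page's shortest examples ("abc", "789", "AAA") are 3 characters

def _has_run(text, alphabet, run=RUN):
    """True if `text` contains `run` consecutive characters of `alphabet`.
    Only forward sequences are checked ("abc", not "cba")."""
    return any(alphabet[i:i + run] in text
               for i in range(len(alphabet) - run + 1))

def check_password(password, *, min_length=8, no_qwerty=True,
                   no_alphabetical=True, no_numerical=True, no_repeated=True,
                   digits=1, non_alphanumeric=1, uppercase=1, lowercase=1):
    """Return the names of the violated options; an empty list means pass."""
    lowered = password.lower()
    failures = []
    if len(password) < min_length:
        failures.append("Minimum length")
    if no_qwerty and any(_has_run(lowered, row) for row in KEYBOARD_ROWS):
        failures.append("No QWERTY")
    if no_alphabetical and _has_run(lowered, ALPHABET):
        failures.append("No Alphabetical")
    if no_numerical and _has_run(password, "0123456789"):
        failures.append("No Numerical Sequences")
    # The same character RUN times in a row, e.g. "AAA" or "111".
    if no_repeated and re.search(r"(.)\1{%d}" % (RUN - 1), password):
        failures.append("No Repeated Characters")
    # Character classes use the ASCII ranges shown in the Example column.
    classes = (("Digits", r"[0-9]", digits),
               ("Non-Alphanumeric", r"[^A-Za-z0-9]", non_alphanumeric),
               ("Uppercase", r"[A-Z]", uppercase),
               ("Lowercase", r"[a-z]", lowercase))
    for name, pattern, required in classes:
        if len(re.findall(pattern, password)) < required:
            failures.append(name)
    return failures

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for candidate in ("qwer1234", "AAAabc111!", "short", "T7#kPw9!zQ"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```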
Other Security Assertions
Add more assertions to ensure the security of the tested service:
See Also
Security Assertions
Basic Authorization Assertion
Sensitive Files Exposure Assertion
Cross Site Scripting Assertion
Sensitive Information Exposure Assertion