https://community.isc2.org/t5/Welcome/Website-Security-Design-Resources/m-p/4236#M262 <P>Try anything and everything you can find from OWASP:</P><DIV class="f kv _SWb"><A href="https://www.owasp.org/" target="_blank">https://www.owasp.org/</A><DIV class="action-menu ab_ctl">&nbsp;</DIV><DIV class="action-menu ab_ctl">They have a lot of resources, including vulnerability scanners.&nbsp;The specific cases you list (setting up user accounts, username format, password reset) are fairly broad. I'd suggest you invest a little time first in studying database design, which might have an influence in all&nbsp;those areas. Security is a function of quality. Build it right and you have a good chance at making it secure. Build it haphazardly and all bets are off.</DIV></DIV> Mon, 11 Dec 2017 22:11:15 GMT JoePete 2017-12-11T22:11:15Z https://community.isc2.org/t5/Welcome/Website-Security-Design-Resources/m-p/4234#M261 <P>Hi All,</P><P>&nbsp;</P><P>I'm trying to learn about user interactive web-design, from a security perspective.</P><P>&nbsp;</P><P>Not just the obvious things like password length and complexity, but for example...</P><P>&nbsp;</P><P>- different methods for setting up online user accounts for existing client or customers</P><P>- types of username format (eg, e-mail address or site generated ID)</P><P>- various password reset mechanisms</P><P>&nbsp;</P><P>Different web-sites may have different ways of performing these functions, dependant on whether security or convenience is upmost.</P><P>&nbsp;</P><P>Are there any resources or best practices available, which outline the common scenarios and solutions?</P><P>&nbsp;</P><P>Thanks for reading...</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 11 Dec 2017 21:50:44 GMT https://community.isc2.org/t5/Welcome/Website-Security-Design-Resources/m-p/4234#M261 TonyDS 2017-12-11T21:50:44Z https://community.isc2.org/t5/Welcome/Website-Security-Design-Resources/m-p/4236#M262 <P>Try anything and everything you can find from OWASP:</P><DIV class="f kv _SWb"><A href="https://www.owasp.org/" target="_blank">https://www.owasp.org/</A><DIV class="action-menu ab_ctl">&nbsp;</DIV><DIV class="action-menu ab_ctl">They have a lot of resources, including vulnerability scanners.&nbsp;The specific cases you list (setting up user accounts, username format, password reset) are fairly broad. I'd suggest you invest a little time first in studying database design, which might have an influence in all&nbsp;those areas. Security is a function of quality. Build it right and you have a good chance at making it secure. Build it haphazardly and all bets are off.</DIV></DIV> Mon, 11 Dec 2017 22:11:15 GMT https://community.isc2.org/t5/Welcome/Website-Security-Design-Resources/m-p/4236#M262 JoePete 2017-12-11T22:11:15Z