Authenticate using standard protocols
Summary
The organization must implement the Single Sign On (SSO) process using standard protocols (e.g., SAML).
Description
empty
Supported In
This requirement is verified in the following services

| Plan | Supported |
|---|---|
| Machine | 🟢 |
| Squad | 🟢 |
References
- CWE™-287. Improper authentication
- CWE™-1390. Weak Authentication
- CAPEC™-115. Authentication bypass
- SOC2®-CC6_1. Logical and physical access controls
- NY SHIELD Act-5575_B_2. Personal and private information
- PA-DSS-3_1_4. Application employs methods to authenticate all users
- SANS 25-15. Use of Hard-coded Credentials
- SANS 25-18. Missing Authentication for Critical Function
- POPIA-3A_23. Access to personal information
- ISO/IEC 27002-8_5. Secure authentication
- ISA/IEC 62443-IAC-1_5. Authenticator management
- WASSEC-2_1. Authentication schemes
- WASC-W_01. Insufficient authentication
- NIST SSDF-PW_1_1. Design software to meet security requirements and mitigate security risks
- MVSP-2_1. Application design controls - Single Sign-On
- BSAFSS-IA_1-1. Software development environment authenticates users and operators
- BSAFSS-SI_2-1. Strong identity
- NIST 800-171-1_17. Protect wireless access using authentication and encryption
- OWASP ASVS-14_1_5. Build and deploy
- OWASP ASVS-1_2_2. Authentication architecture
- OWASP ASVS-13_3_2. SOAP web service
- OWASP API Security Top 10-API2. Broken User Authentication
- ISO/IEC 27001-8_5. Secure authentication
- CASA-1_2_2. Authentication Architecture
- CASA-1_4_4. Access Control Architecture
- CASA-2_10_1. Service Authentication
- CASA-14_1_5. Build and Deploy
- Resolution SB 2021 2126-Art_28_5. Security in Electronic Channels - ATMs
Vulnerabilities
- 006. Authentication mechanism absence or evasion
- 015. Insecure authentication method - Basic
- 240. Authentication mechanism absence or evasion - OTP
- 241. Authentication mechanism absence or evasion - AWS
- 242. Authentication mechanism absence or evasion - WiFi
- 243. Authentication mechanism absence or evasion - Admin Console
- 244. Authentication mechanism absence or evasion - BIOS
- 298. Authentication mechanism absence or evasion - Redirect
- 299. Authentication mechanism absence or evasion - JFROG
- 300. Authentication mechanism absence or evasion - Azure
- 309. Insecurely generated token - JWT
- 318. Insecurely generated token - Validation
- 365. Authentication mechanism absence or evasion - Response tampering
- 370. Authentication mechanism absence or evasion - Security Image
- 383. Insecurely generated token - OTP
- 388. Insecure authentication method - NTLM
- 397. Insecure authentication method - LDAP