Random Values from ASVS framework

Home
Browse frameworks
Contact us
SAMMY premium

SAMMY UI is optimized for resolutions with a width 1024px and higher.

ASVS

Browse ASVS

Encoding and Sanitization
Validation and Business Logic
Web Frontend Security
API and Web Service
File Handling
Authentication
Session Management
Authorization
Self-contained Tokens
- Token source and integrity
- Token content
OAuth and OIDC
Cryptography
Secure Communication
Configuration
Data Protection
Secure Coding and Architecture
Security Logging and Error Handling
WebRTC
- TURN Server
- Media
- Media

V11.5.1

V11.5.1: Verify that all random numbers and strings which are intended to be non-guessable must be generated using a cryptographically secure pseudo-random number generator (CSPRNG) and have at least 128 bits of entropy. Note that UUIDs do not respect this condition.

ASVS Maturity

Not applicable - The control is not applicable for the given scope.

Not implemented / not verified - The control is not implemented or not verified.

Limited implementation - The control is implemented for the most critical parts of the codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).

Systematic implementation - The control is systematically implemented and pervasive in the codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).

Full implementation - The control is fully implemented for the complete codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).

V11.5.2

V11.5.2: Verify that the random number generation mechanism in use is designed to work securely, even under heavy demand.

ASVS Maturity

Not applicable - The control is not applicable for the given scope.

Not implemented / not verified - The control is not implemented or not verified.