Identifying weak password protection and management in web applications

Applications responsible for password management inherit a tremendous amount of risk and responsibility. User passwords must be created with sufficient length/complexity, stored securely, and protected from brute force and cracking attempts.

In this section, we will walk you through the rules in the PUMA scan analyzers that catch weak password management vulnerabilities in ASP.NET web projects. The following password management rules are currently supported in PUMA scan analyzers:

  • ASP.NET Identity Weak Password Complexity
  • ASP.NET Identity Missing Password Lockout

You can read more details about these rules at https://www.pumascan.com/rules.html#password-management.
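The following added example (not from the book or from the Puma Scan project) shows the two patterns these rules are named after, each beside a hardened form, using the ASP.NET Identity 2.x API. The class and method names are hypothetical, and the length, attempt count and lockout duration are assumed values; the thresholds the analyzers actually enforce are documented on the rules page.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

// Hypothetical helper for illustration; only the ASP.NET Identity 2.x types are real.
public static class IdentityPasswordPolicy
{
    // Weak: short minimum length, no character-class requirements, lockout off.
    public static void ConfigureWeak<TUser>(UserManager<TUser> manager)
        where TUser : class, IUser<string>
    {
        manager.PasswordValidator = new PasswordValidator
        {
            RequiredLength = 6,
            RequireNonLetterOrDigit = false,
            RequireDigit = false,
            RequireLowercase = false,
            RequireUppercase = false
        };
        manager.UserLockoutEnabledByDefault = false;
    }

    // Hardened: longer minimum, all character classes, lockout enabled.
    // The numeric values below are assumptions, not the analyzer's thresholds.
    public static void ConfigureHardened<TUser>(UserManager<TUser> manager)
        where TUser : class, IUser<string>
    {
        manager.PasswordValidator = new PasswordValidator
        {
            RequiredLength = 12,
            RequireNonLetterOrDigit = true,
            RequireDigit = true,
            RequireLowercase = true,
            RequireUppercase = true
        };
        manager.UserLockoutEnabledByDefault = true;
        manager.MaxFailedAccessAttemptsBeforeLockout = 5;
        manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(15);
    }

    // Weak: failed attempts are never counted, so guessing is unthrottled.
    public static Task<SignInStatus> SignInWeak<TUser>(
        SignInManager<TUser, string> signIn, string user, string password)
        where TUser : class, IUser<string>
        => signIn.PasswordSignInAsync(user, password, isPersistent: false, shouldLockout: false);

    // Hardened: each failure counts toward MaxFailedAccessAttemptsBeforeLockout.
    public static Task<SignInStatus> SignInHardened<TUser>(
        SignInManager<TUser, string> signIn, string user, string password)
        where TUser : class, IUser<string>
        => signIn.PasswordSignInAsync(user, password, isPersistent: false, shouldLockout: true);
}
```

Both lockout settings matter: `shouldLockout: true` only has an effect for accounts whose lockout flag is enabled, which `UserLockoutEnabledByDefault` sets at user creation.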
