Does this skill support MFA testing?

Yes, it includes specific workflows for testing multi-factor authentication enrollment, OTP brute-forcing, and common bypass techniques.

Can I use this for automated brute-force attacks?

The skill provides structured methodologies and recommended tool commands for Hydra and Burp Suite to facilitate systematic brute-force and credential stuffing tests.

What tools are required to use this skill effectively?

Effective testing requires security tools such as Burp Suite, Hydra, browser developer tools, and custom wordlists for credential testing.

Is this skill aligned with security standards?

Yes, the testing techniques and methodologies provided are closely aligned with the OWASP Top 10 framework for web application security.

What is broken authentication testing?

It is a security testing process aimed at finding flaws in how an application verifies user identities and manages active sessions, which could lead to account compromise.

Broken Authentication Security Testing

Name: Broken Authentication Security Testing
Author: zebbern

byzebbern

•

2,883

보안 및 테스팅

Conducts comprehensive security audits for authentication mechanisms and session management to identify vulnerabilities like credential stuffing and session fixation.

소개

This skill provides a specialized framework for testing web application security against broken authentication vulnerabilities, consistently ranked in the OWASP Top 10. It guides users through systematic phases including password policy evaluation, credential enumeration, brute-force protection testing, and session lifecycle analysis. By implementing production-grade methodologies, it helps developers and security researchers identify account takeover risks, MFA bypasses, and insecure session token handling to prevent identity theft and unauthorized access.

주요 기능

2,883 GitHub stars
Systematic password policy and credential enumeration testing
Password reset workflow security auditing and token manipulation
Multi-factor authentication (MFA) bypass and rate-limiting evaluation
Deep session management analysis including token entropy and fixation tests
Automated brute-force and credential stuffing attack simulations

사용 사례

Performing an OWASP Top 10 security audit for web application login flows
Hardening session management to prevent hijacking and unauthorized access
Validating the effectiveness of account lockout and rate-limiting protections

소개

주요 기능

2,883 GitHub stars
Systematic password policy and credential enumeration testing
Password reset workflow security auditing and token manipulation
Multi-factor authentication (MFA) bypass and rate-limiting evaluation
Deep session management analysis including token entropy and fixation tests
Automated brute-force and credential stuffing attack simulations

사용 사례

Performing an OWASP Top 10 security audit for web application login flows
Hardening session management to prevent hijacking and unauthorized access
Validating the effectiveness of account lockout and rate-limiting protections