Does this skill support MFA testing?

Yes, it includes specific workflows for testing multi-factor authentication enrollment, OTP brute-forcing, and common bypass techniques.

Can I use this for automated brute-force attacks?

The skill provides structured methodologies and recommended tool commands for Hydra and Burp Suite to facilitate systematic brute-force and credential stuffing tests.

What tools are required to use this skill effectively?

Effective testing requires security tools such as Burp Suite, Hydra, browser developer tools, and custom wordlists for credential testing.

Is this skill aligned with security standards?

Yes, the testing techniques and methodologies provided are closely aligned with the OWASP Top 10 framework for web application security.

What is broken authentication testing?

It is a security testing process aimed at finding flaws in how an application verifies user identities and manages active sessions, which could lead to account compromise.

Broken Authentication Security Testing

Name: Broken Authentication Security Testing
Author: zebbern

byzebbern

•

2,883

•

安全与测试

Conducts comprehensive security audits for authentication mechanisms and session management to identify vulnerabilities like credential stuffing and session fixation.

This skill provides a specialized framework for testing web application security against broken authentication vulnerabilities, consistently ranked in the OWASP Top 10. It guides users through systematic phases including password policy evaluation, credential enumeration, brute-force protection testing, and session lifecycle analysis. By implementing production-grade methodologies, it helps developers and security researchers identify account takeover risks, MFA bypasses, and insecure session token handling to prevent identity theft and unauthorized access.

主要功能

012,883 GitHub stars

02Systematic password policy and credential enumeration testing

03Password reset workflow security auditing and token manipulation

04Multi-factor authentication (MFA) bypass and rate-limiting evaluation

05Deep session management analysis including token entropy and fixation tests

06Automated brute-force and credential stuffing attack simulations

使用场景

01Performing an OWASP Top 10 security audit for web application login flows

02Hardening session management to prevent hijacking and unauthorized access

03Validating the effectiveness of account lockout and rate-limiting protections

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zebbern/claude-code-guide broken-authentication

For use in Claude.ai and ChatGPT

Download Skill