Does it cover modern auth like JWT and MFA?

Yes, it includes specific testing phases for JSON Web Token (JWT) exploitation and Multi-Factor Authentication (MFA) bypass techniques.

What is the Broken Authentication skill for?

It provides structured workflows and testing methodologies to identify security flaws in how web applications handle logins, sessions, and credentials.

Does this skill integrate with external tools?

Yes, it includes commands and configurations for popular security tools like Burp Suite and Hydra to automate brute-force and session analysis tasks.

Can it help prevent account takeovers?

Absolutely. By testing for session fixation, weak password policies, and enumeration vulnerabilities, it helps developers close gaps that lead to identity theft.

Is this skill compliant with security standards?

It is designed around the OWASP Top 10 framework, focusing specifically on the Broken Authentication category of web vulnerabilities.

Broken Authentication Security Testing

Name: Broken Authentication Security Testing
Author: lingxling

bylingxling

•

安全与测试

Identifies and exploits authentication and session management vulnerabilities in web applications to prevent unauthorized access and identity theft.

This skill provides a comprehensive methodology for auditing web application security through the lens of OWASP-style authentication flaws. It guides users through ten distinct phases of testing, ranging from initial mechanism analysis and password policy evaluation to advanced exploits like JWT manipulation, MFA bypass, and session fixation. Whether performing a routine security audit or a deep penetration test, this skill offers structured workflows, command-line examples, and remediation guidance to harden credential management and session handling against sophisticated attacks.

主要功能

01In-depth analysis of session management including token entropy, fixation, and timeout policies.

02Step-by-step guidance for bypassing Multi-Factor Authentication (MFA) and exploiting weak password resets.

03Actionable remediation recommendations to secure authentication endpoints and JWT implementations.

0446 GitHub stars

05Automated brute-force and credential stuffing methodologies using tools like Hydra and Burp Suite.

06Comprehensive testing for password policy enforcement and credential enumeration.

使用场景

01Simulating brute-force attacks to verify account lockout and rate-limiting effectiveness.

02Conducting an OWASP Top 10 security audit on a new web application's login system.

03Testing session management security to prevent session hijacking and unauthorized account takeover.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add lingxling/awesome-skills-cn broken-authentication

For use in Claude.ai and ChatGPT

主要功能

01In-depth analysis of session management including token entropy, fixation, and timeout policies.

02Step-by-step guidance for bypassing Multi-Factor Authentication (MFA) and exploiting weak password resets.

03Actionable remediation recommendations to secure authentication endpoints and JWT implementations.

0446 GitHub stars

05Automated brute-force and credential stuffing methodologies using tools like Hydra and Burp Suite.

06Comprehensive testing for password policy enforcement and credential enumeration.

使用场景

01Simulating brute-force attacks to verify account lockout and rate-limiting effectiveness.

02Conducting an OWASP Top 10 security audit on a new web application's login system.

03Testing session management security to prevent session hijacking and unauthorized account takeover.