What tools are recommended for these tests?

Key recommended tools include Burp Suite Professional/Community, Hydra, custom credential wordlists, and browser developer tools.

Is this skill aligned with industry standards?

The testing methodologies provided are aligned with the OWASP Top 10 framework, focusing on the most critical risks to modern web applications.

Does this skill provide automated testing?

The skill provides the methodology, scripts, and command-line examples for tools like Hydra and Burp Suite to facilitate both manual and automated security assessments.

Can I use this for MFA security audits?

Yes, it includes specialized phases for testing MFA enrollment, OTP brute-forcing, and common multi-factor authentication bypass techniques.

What is broken authentication in web security?

Broken authentication refers to vulnerabilities in an application's login and session management systems that allow attackers to compromise passwords, keys, or session tokens to assume user identities.

Broken Authentication Testing

Name: Broken Authentication Testing
Author: claudiodearaujo

byclaudiodearaujo

安全与测试

Identifies and evaluates authentication and session management vulnerabilities in web applications to prevent unauthorized access and account takeovers.

关于

The Broken Authentication Testing skill provides a comprehensive security auditing framework for identifying critical flaws in how web applications handle user identities and sessions. Aligned with OWASP security standards, this skill guides users through advanced testing methodologies including credential stuffing, session fixation, multi-factor authentication (MFA) bypass techniques, and password policy evaluation. It is an essential utility for security researchers and developers looking to harden application defenses against identity theft, brute-force attacks, and unauthorized privilege escalation.

主要功能

MFA bypass and password reset vulnerability analysis
Credential stuffing and brute-force protection evaluation
Comprehensive OWASP-aligned authentication security audits
Automated and manual session management testing techniques
Step-by-step remediation guidance for identified security flaws
0 GitHub stars

使用场景

Conducting security penetration tests on user login and registration workflows
Verifying the strength of session token entropy and expiration policies
Testing application resilience against automated credential stuffing and brute-force attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter broken-authentication

For use in Claude.ai and ChatGPT

Download Skill

GitHub

关于