Broken Authentication Testing

Purpose

Identify and exploit authentication and session management vulnerabilities in web applications. Broken authentication consistently ranks in the OWASP Top 10 and can lead to account takeover, identity theft, and unauthorized access to sensitive systems. This skill covers testing methodologies for password policies, session handling, multi-factor authentication, and credential management.

Prerequisites

Required Knowledge

• HTTP protocol and session mechanisms
• Authentication types (SFA, 2FA, MFA)
• Cookie and token handling
• Common authentication frameworks

Required Tools

• Burp Suite Professional or Community
• Hydra or similar brute-force tools
• Custom wordlists for credential testing
• Browser developer tools