Chapter 4: Assessing Authentication Schemes
This chapter covers basic authentication penetration test cases. For background, authentication is the act of verifying whether a person's or system's claim of identity is true. Web penetration testers must assess how strong a target application's authentication mechanism really is. The tests covered here include username enumeration, guessable accounts, weak lockout mechanisms, authentication bypasses, browser-caching weaknesses, and account provisioning omissions, particularly in Representational State Transfer (REST) API calls. You will learn how to use Burp Suite to perform each of these tests.
In this chapter, we will cover the following recipes:
- Testing for account enumeration and guessable ...
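The following is an added example, not code from the book or from Burp Suite, illustrating the first test in the list above: account enumeration through differing login responses. It stands in a constructed login handler that leaks whether an account exists (distinct error messages for "unknown user" and "wrong password"), a hardened version that returns one uniform response, and the check a tester performs, comparing the response fingerprint for a known-invalid username against each candidate. The user store, messages, and function names are assumptions for the example; in Burp you would do the same comparison with Intruder or Comparer after stripping per-request values such as CSRF tokens from the bodies.

```python
"""Account-enumeration check against a login endpoint (added example).

Two constructed login handlers are included so the check can run offline:
one that leaks account existence and one that does not.
"""
import hmac
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Constructed sample user store; not from any real application.
_USERS = {"alice": "correct-horse-battery"}
# Dummy secret compared when the user does not exist, so the hardened handler
# performs the same work on both paths (removes an obvious timing tell).
_DUMMY_PASSWORD = "x" * 21


@dataclass(frozen=True)
class Response:
    status: int
    body: str


def leaky_login(username: str, password: str) -> Response:
    """Vulnerable: a different message for an unknown user than for a bad
    password tells the tester which usernames exist."""
    if username not in _USERS:
        return Response(401, "Unknown user")
    if _USERS[username] != password:
        return Response(401, "Incorrect password")
    return Response(200, "Welcome, " + username)


def hardened_login(username: str, password: str) -> Response:
    """Hardened: identical status and body whichever factor failed, and a
    constant-time comparison is performed even when the user is missing."""
    exists = username in _USERS
    stored = _USERS.get(username, _DUMMY_PASSWORD)
    matches = hmac.compare_digest(stored.encode(), password.encode())
    if not (exists and matches):
        return Response(401, "Invalid username or password")
    return Response(200, "Welcome, " + username)


LoginFn = Callable[[str, str], Response]


def fingerprint(resp: Response) -> Tuple[int, int, str]:
    """What a tester compares between responses: status code, body length,
    and body text. Real bodies need dynamic values (tokens, timestamps)
    removed first, or every response will look different."""
    return (resp.status, len(resp.body), resp.body)


def enumerates_accounts(login: LoginFn, valid_user: str, invalid_user: str,
                        bad_password: str = "not-the-password") -> bool:
    """True if a wrong password for an existing account is distinguishable
    from a wrong password for a non-existent account."""
    return fingerprint(login(valid_user, bad_password)) != \
        fingerprint(login(invalid_user, bad_password))


def probe_usernames(login: LoginFn, candidates: List[str],
                    known_invalid: str = "zz-no-such-user-8f3a",
                    bad_password: str = "not-the-password") -> List[str]:
    """Return the candidates whose response differs from the baseline
    response for a username known not to exist. Against a leaky endpoint
    this is the list of valid accounts."""
    baseline = fingerprint(login(known_invalid, bad_password))
    return [u for u in candidates
            if fingerprint(login(u, bad_password)) != baseline]


if __name__ == "__main__":
    wordlist = ["admin", "alice", "bob", "mallory"]
    print("leaky    ->", probe_usernames(leaky_login, wordlist))
    print("hardened ->", probe_usernames(hardened_login, wordlist))
```

Run stand-alone, the script reports `['alice']` for the leaky handler and an empty list for the hardened one. The same comparison applies to other enumeration channels the chapter's tests touch, such as password-reset and registration endpoints, which often leak existence even when login does not.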