Add attack examples to documentation

Question

danielonsecurity opened this issue 2 years ago · 0 comments

Fuzzing username/password
- Bruteforce
- User enumeration
- User registration
- Password reset
Multi-factor authentication
- Bruteforcing MFA code
- Bypassing MFA checks
Session management
- Session fixation
- Session hijacking
- Improper session termination
Authentication bypass
- Replay attack
- Missing critical authentication step
- Using alternate step to bypass security restrictions
- Missing authentication for critical functions
OAuth2.0
- bruteforcing client_id/client_secret
- redirect_uri vulnerabilities
- abusing OAuth grant types
- PKCE downgrade
- bruteforce available scopes
- automate username/password bruteforce attacks on OAuth
- CSRF attacks
- leaking authorization code
- leaking access/refresh tokens
- improper token invalidation