Add attack examples to documentation
danielonsecurity opened this issue · 0 comments
danielonsecurity commented
- Fuzzing username/password
- Bruteforce
- User enumeration
- User registration
- Password reset
- Multi-factor authentication
  - Bruteforcing MFA code
  - Bypassing MFA checks
- Session management
  - Session fixation
  - Session hijacking
  - Improper session termination
- Authentication bypass
  - Replay attack
  - Missing critical authentication step
  - Using alternate step to bypass security restrictions
  - Missing authentication for critical functions
- OAuth2.0
  - Bruteforcing client_id/client_secret
  - redirect_uri vulnerabilities
  - Abusing OAuth grant types
  - PKCE downgrade
  - Bruteforce available scopes
  - Automate username/password bruteforce attacks on OAuth
  - CSRF attacks
  - Leaking authorization code
  - Leaking access/refresh tokens
  - Improper token invalidation