[Owasp-testing] Authentication Mechanism

Seba seba at owasp.org
Tue Dec 29 05:03:34 EST 2009


You'd have to be more specific about this.
I assume these parameters reference a user/password combination?

There is no particular section in the Testing Guide that helps you identify
the exact authentication mechanism.
But the referenced page states: "... Testing the authentication schema means
understanding how the authentication process works and using that
information to circumvent the authentication mechanism."

There are numerous ways to perform authentication, so it does require an
'understanding' of how it works.
Do you feel the testing guide needs a section on this?



On Tue, Dec 29, 2009 at 5:31 AM, Zaki Akhmad <zakiakhmad at gmail.com> wrote:

> On Mon, Dec 28, 2009 at 4:17 PM, Seba <seba at owasp.org> wrote:
> > There is a whole section on authentication:
> > http://www.owasp.org/index.php/Testing_for_authentication
> If I found something like this for authentication,
> <applet>
>   <param name=" " value="  ">
>   <param name="  " value="  ">
>    ...
> </applet>
> where is it on the list?
> --
> Zaki Akhmad