<div>Hi,</div><div><br></div>You'd have to be more specific about this.<div>I assume these parameters reference a user/password combination?</div><div><br></div><div>There is no particular section in the Testing Guide that helps you identify the exact authentication mechanism.</div>
<div>But the referenced page states: "... <span class="Apple-style-span" style="font-family: sans-serif; font-size: 13px; line-height: 19px; ">Testing the authentication schema means understanding how the authentication process works and using that information to circumvent the authentication mechanism."</span><br>
<br></div><div>There are numerous ways to perform authentication, so it does require an 'understanding' of how it works.</div><div>Do you feel the testing guide needs a section on this?</div><div><br></div><div>regards</div>
<div><br></div><div>Seba</div><div><br><div class="gmail_quote">On Tue, Dec 29, 2009 at 5:31 AM, Zaki Akhmad <span dir="ltr"><<a href="mailto:zakiakhmad@gmail.com">zakiakhmad@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Mon, Dec 28, 2009 at 4:17 PM, Seba <<a href="mailto:seba@owasp.org">seba@owasp.org</a>> wrote:<br>
<br>
> There is a whole section on authentication:<br>
> <a href="http://www.owasp.org/index.php/Testing_for_authentication" target="_blank">http://www.owasp.org/index.php/Testing_for_authentication</a><br>
<br>
</div>If I found something like this for authentication,<br>
<br>
<applet><br>
<param name=" " value=" "><br>
<param name=" " value=" "><br>
...<br>
</applet><br>
<br>
where is it on the list?<br>
<br>
--<br>
<font color="#888888">Zaki Akhmad<br>
</font></blockquote></div><br></div>