Account takeover

2022-11-07

Voici quelques techniques qui permettent de vérifier si la sécurité pour la l’authentification sur votre service est adéquate

Account Takeover via IDOR in Password Reset

Account Takeover by Password Reset Poisoning

Acoount Takeover via IDOR (Post Authentication)

Account Takeover via CSRF

Account Takeover by Broken Cryptography

Account Takeover by OAuth Misconfiguration

Pre-Authentication Account Takeover

Account Takeover due to Improper Rate-Limit/Anti-Automation Checks

Account Takeover by XSS

Account Takeover by utilizing Sensitive Data Exposure

Account Takeover due to Weak Security Policies

Autres techniques pour prendre possession d’un compte

Response Body Manipulation

Status Code Manipulation

Parameter Pollution

Mass Assignment

Token Forging

Autres resources

https://github.com/harsh-bothra/SecurityExplained/blob/main/resources/account-takeovers-methodology.md

Related Articles

About The Author

Germain

Leave a Reply

Ad Blocker Detected

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

Refresh