Here are some techniques for checking whether the authentication security on your service is adequate.
Account Takeover via IDOR in Password Reset
Account Takeover by Password Reset Poisoning
Account Takeover via IDOR (Post Authentication)
Account Takeover via CSRF
Account Takeover by Broken Cryptography
Account Takeover by OAuth Misconfiguration
Pre-Authentication Account Takeover
Account Takeover due to Improper Rate-Limit/Anti-Automation Checks
Account Takeover by XSS
Account Takeover by utilizing Sensitive Data Exposure
Account Takeover due to Weak Security Policies
Other techniques for taking over an account
Response Body Manipulation
Status Code Manipulation
Parameter Pollution
Mass Assignment
Token Forging
Other resources
https://github.com/harsh-bothra/SecurityExplained/blob/main/resources/account-takeovers-methodology.md