Account takeover

Voici quelques techniques qui permettent de vérifier si la sécurité pour la l’authentification sur votre service est adéquate

Account Takeover via IDOR in Password Reset

Account Takeover by Password Reset Poisoning

Acoount Takeover via IDOR (Post Authentication)

Account Takeover via CSRF

Account Takeover by Broken Cryptography

Account Takeover by OAuth Misconfiguration

Pre-Authentication Account Takeover

Account Takeover due to Improper Rate-Limit/Anti-Automation Checks

Account Takeover by XSS

Account Takeover by utilizing Sensitive Data Exposure

Account Takeover due to Weak Security Policies

Autres techniques pour prendre possession d’un compte

Response Body Manipulation

Status Code Manipulation

Parameter Pollution

Mass Assignment

Token Forging

Autres resources

https://github.com/harsh-bothra/SecurityExplained/blob/main/resources/account-takeovers-methodology.md

Laisser un commentaire