{
  "version": "1.0",
  "provider_name": "Sécuriser votre site",
  "provider_url": "https://www.searchevolution.com/security",
  "author_name": "Germain",
  "author_url": "https://www.searchevolution.com/security/author/germain/",
  "title": "Account takeover - Sécuriser votre site",
  "type": "rich",
  "width": 600,
  "height": 338,
  "html": "<blockquote class=\"wp-embedded-content\"><a href=\"https://www.searchevolution.com/security/2022/11/07/account-takeover/\">Account takeover</a></blockquote>",
  "description": "Here are some techniques for checking whether the authentication security of your service is adequate:\n- Account Takeover via IDOR in Password Reset\n- Account Takeover by Password Reset Poisoning\n- Account Takeover via IDOR (Post-Authentication)\n- Account Takeover via CSRF\n- Account Takeover by Broken Cryptography\n- Account Takeover by OAuth Misconfiguration\n- Pre-Authentication Account Takeover\n- Account Takeover due to Improper Rate-Limit/Anti-Automation Checks\n- Account Takeover by XSS\n- Account Takeover by utilizing Sensitive Data Exposure\n- Account Takeover due to Weak Security Policies\nOther techniques for taking over an account:\n- Response Body Manipulation\n- Status Code Manipulation\n- Parameter Pollution\n- Mass Assignment\n- Token Forging\nOther resources"
}