Getting Started


General Starting Point

  • Map the entire auth flow / attack surface
  • Proxy requests: pick one piece of functionality, step through the entire process, then review every step in the chain via the proxied requests.
  • Create multiple accounts for testing
  • Check for brute-force protection
  • Is the application using a standard (off-the-shelf) library rather than custom code?
  • Look for logic flaws
  • Inspect tokens

Wordlist Resources