This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Testing for authentication"
m (Amend Authentication links) |
|||
(24 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
− | {{Template:OWASP Testing Guide | + | {{Template:OWASP Testing Guide v4}} |
− | + | ''' 4.5 Authentication Testing ''' | |
---- | ---- | ||
+ | |||
Authentication (Greek: αυθεντικός = real or genuine, from 'authentes' = author ) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. Authenticating an object may mean confirming its provenance, whereas authenticating a person often consists of verifying her identity. Authentication depends upon one or more authentication factors. | Authentication (Greek: αυθεντικός = real or genuine, from 'authentes' = author ) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. Authenticating an object may mean confirming its provenance, whereas authenticating a person often consists of verifying her identity. Authentication depends upon one or more authentication factors. | ||
− | |||
− | |||
− | |||
− | [[Testing for | + | In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication. A common example of such a process is the log on process. Testing the authentication schema means understanding how the authentication process works and using that information to circumvent the authentication mechanism. |
− | + | ||
+ | |||
+ | [[Testing for Credentials Transported over an Encrypted Channel (OTG-AUTHN-001)|4.5.1 Testing for Credentials Transported over an Encrypted Channel (OTG-AUTHN-001)]] | ||
+ | |||
+ | [[Testing for default credentials (OTG-AUTHN-002)|4.5.2 Testing for default credentials (OTG-AUTHN-002)]] | ||
+ | |||
+ | [[Testing for Weak lock out mechanism (OTG-AUTHN-003)|4.5.3 Testing for Weak lock out mechanism (OTG-AUTHN-003)]] | ||
− | [[Testing for | + | [[Testing for Bypassing Authentication Schema (OTG-AUTHN-004)|4.5.4 Testing for bypassing authentication schema (OTG-AUTHN-004)]] |
− | |||
− | [[Testing for | + | [[Testing for Vulnerable Remember Password (OTG-AUTHN-005)|4.5.5 Test remember password functionality (OTG-AUTHN-005)]] |
− | |||
− | [[Testing for | + | [[Testing for Browser cache weakness (OTG-AUTHN-006)|4.5.6 Testing for Browser cache weakness (OTG-AUTHN-006)]] |
− | |||
− | [[Testing for | + | [[Testing for Weak password policy (OTG-AUTHN-007)|4.5.7 Testing for Weak password policy (OTG-AUTHN-007)]] |
− | password | ||
− | |||
− | [[Testing for | + | [[Testing for Weak security question/answer (OTG-AUTHN-008)|4.5.8 Testing for Weak security question/answer (OTG-AUTHN-008)]] |
− | |||
− | [[Testing for | + | [[Testing for weak password change or reset functionalities (OTG-AUTHN-009)|4.5.9 Testing for weak password change or reset functionalities (OTG-AUTHN-009)]] |
− | |||
− | [[Testing | + | [[Testing for Weaker authentication in alternative channel (OTG-AUTHN-010)|4.5.10 Testing for Weaker authentication in alternative channel (OTG-AUTHN-010)]] |
− |
Latest revision as of 13:32, 5 August 2014
This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents Back to the OWASP Testing Guide Project: https://www.owasp.org/index.php/OWASP_Testing_Project
4.5 Authentication Testing
Authentication (Greek: αυθεντικός = real or genuine, from 'authentes' = author ) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. Authenticating an object may mean confirming its provenance, whereas authenticating a person often consists of verifying her identity. Authentication depends upon one or more authentication factors.
In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication. A common example of such a process is the log on process. Testing the authentication schema means understanding how the authentication process works and using that information to circumvent the authentication mechanism.
4.5.1 Testing for Credentials Transported over an Encrypted Channel (OTG-AUTHN-001)
4.5.2 Testing for default credentials (OTG-AUTHN-002)
4.5.3 Testing for Weak lock out mechanism (OTG-AUTHN-003)
4.5.4 Testing for bypassing authentication schema (OTG-AUTHN-004)
4.5.5 Test remember password functionality (OTG-AUTHN-005)
4.5.6 Testing for Browser cache weakness (OTG-AUTHN-006)
4.5.7 Testing for Weak password policy (OTG-AUTHN-007)
4.5.8 Testing for Weak security question/answer (OTG-AUTHN-008)
4.5.9 Testing for weak password change or reset functionalities (OTG-AUTHN-009)
4.5.10 Testing for Weaker authentication in alternative channel (OTG-AUTHN-010)