Testing for Account Enumeration and Guessable User Account (OTG-IDENT-004)
From OWASP
Revision as of 14:55, 28 July 2013 by Andrew Muller (talk | contribs) (Andrew Muller moved page Testing for Account Enumeration and Guessable User Account (OWASP-AT-002) to Testing for Account Enumeration and Guessable User Account (OTG-IDENT-004): Align with common number and cross-product correlation initiative)
Summary
Most systems are provisioned with default and test accounts to aid the installation, configuration and testing of applications. These accounts are often overlooked when the system enters production. User account names are often structured, so valid account names can easily be guessed. In other cases, valid account names can be found using internet search engines.
Test objectives
Verify the structure of account names
Verify the application's response to valid and invalid account names
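The second objective, illustrated with an added example that is not part of the OWASP guide: a login handler whose distinct "unknown user" and "wrong password" responses reveal which account names exist, beside a hardened version that returns the same status and message for both cases and always performs the password hash so the two paths also cost the same time. The user store, salt and PBKDF2 parameters are constructed for illustration only.

```python
import hashlib
import hmac

# Constructed sample user store: username -> salted password hash (assumption:
# PBKDF2-SHA256 with a fixed salt, purely so the example runs offline).
_SALT = b"constructed-salt"


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)


USERS = {"alice": _hash("correct horse"), "admin": _hash("hunter2")}


def login_leaky(username, password):
    """'Before': different status codes and messages tell the caller whether
    the account name is valid, independent of the password."""
    if username not in USERS:
        return (404, "Unknown user")
    if not hmac.compare_digest(USERS[username], _hash(password)):
        return (401, "Wrong password")
    return (200, "OK")


# Hashed once at import time; used so the unknown-user path does the same
# amount of work as a real password check.
_DUMMY = _hash("dummy")


def login_uniform(username, password):
    """'After': one generic failure response for unknown user and wrong
    password, and the hash comparison always runs (no early return)."""
    stored = USERS.get(username, _DUMMY)
    # compare_digest runs first so the work is constant; the membership
    # check stops a guess of the dummy password from succeeding.
    ok = hmac.compare_digest(stored, _hash(password)) and username in USERS
    if not ok:
        return (401, "Invalid username or password")
    return (200, "OK")


def leaks_account_existence(handler, known_user="alice", unknown_user="nobody"):
    """Check for the test objective above: with a wrong password for both,
    does a valid account name get a different response than an invalid one?"""
    return handler(known_user, "wrong") != handler(unknown_user, "wrong")
```

Response timing is not measured here; a fuller check would also compare the two paths' latency, which is why the hardened handler hashes on every call.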