Testing for Account Enumeration and Guessable User Account
OWASP Web Security Testing Guide 4.2 > 3. Identity Management Testing > 3.4. Testing for Account Enumeration and Guessable User Account
ID | Link to Hackinglife | Link to OWASP | Description |
---|---|---|---|
3.4 | WSTG-IDNT-04 | Testing for Account Enumeration and Guessable User Account | Review processes that pertain to user identification (e.g. registration, login). Enumerate users where possible through response analysis. |