🎯 Day 38 Task
✅ THM Room
https://tryhackme.com/room/sudovulnsbypass
✅ 4.3.5 Testing for Weak or Unenforced Username Policy
Test Objectives
Determine whether a consistent account name structure renders the application vulnerable to account enumeration.
Determine whether the application’s error messages permit account enumeration.
How to Test
- Determine the structure of account names.
- Evaluate the application’s response to valid and invalid account names.
- Use different responses to valid and invalid account names to enumerate valid account names.
- Use account name dictionaries to enumerate valid account names.
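Added example (not from the OWASP guide or the original notes): a small offline check for the second step above, comparing a recorded failed-login response for a known account with one for a non-existent account and reporting any difference a client could observe. The `LoginResponse` type, the function names, and the sample responses are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class LoginResponse:
    status: int        # HTTP status code of the failed login
    body: str          # response body as received
    elapsed_ms: float  # assumed to be a median over repeated requests

def normalize(body: str, username: str) -> str:
    """Remove parts that legitimately vary so only real differences remain."""
    body = body.replace(username, "<USER>")            # echoed account name
    body = re.sub(r"[0-9a-f]{16,}", "<TOKEN>", body)   # CSRF/session tokens
    return re.sub(r"\s+", " ", body).strip()

def enumeration_signals(valid_user, valid_resp, invalid_user, invalid_resp,
                        timing_tolerance_ms=50.0):
    """Return the ways the two failed-login responses can be told apart."""
    findings = []
    if valid_resp.status != invalid_resp.status:
        findings.append("status")
    if normalize(valid_resp.body, valid_user) != normalize(invalid_resp.body, invalid_user):
        findings.append("body")
    if abs(valid_resp.elapsed_ms - invalid_resp.elapsed_ms) > timing_tolerance_ms:
        findings.append("timing")
    return findings

# Constructed sample: distinct messages, and the password hash is only
# computed for accounts that exist, so the valid name answers more slowly.
LEAKY_VALID = LoginResponse(
    200, "Incorrect password for alice. csrf=9f8e7d6c5b4a39281706f5e4d3c2b1a0", 180.0)
LEAKY_INVALID = LoginResponse(
    200, "No account named zz-not-a-user. csrf=00112233445566778899aabbccddeeff", 35.0)

# Constructed sample: same status, same generic message, comparable timing.
UNIFORM_VALID = LoginResponse(
    401, "Invalid username or password. csrf=9f8e7d6c5b4a39281706f5e4d3c2b1a0", 182.0)
UNIFORM_INVALID = LoginResponse(
    401, "Invalid username or password. csrf=00112233445566778899aabbccddeeff", 176.0)

if __name__ == "__main__":
    print("leaky:  ", enumeration_signals("alice", LEAKY_VALID,
                                          "zz-not-a-user", LEAKY_INVALID))
    print("uniform:", enumeration_signals("alice", UNIFORM_VALID,
                                          "zz-not-a-user", UNIFORM_INVALID))
```

An empty result means the two responses are indistinguishable on status, normalized body, and timing; any entry in the list is a place where the error handling should be made uniform.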
Note - I am making notes from the official OWASP website; you can check it here: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others!!!
#infosec #learn365 #owasp