🎯 Day 38 Task

✅ THM Room

https://tryhackme.com/room/sudovulnsbypass

✅ 4.3.5 Testing for Weak or Unenforced Username Policy

Test Objectives

Determine whether a consistent account name structure renders the application vulnerable to account enumeration.

Determine whether the application’s error messages permit account enumeration.

How to Test

  1. Determine the structure of account names.

  2. Evaluate the application’s response to valid and invalid account names.

  3. Use different responses to valid and invalid account names to enumerate valid account names.

  4. Use account name dictionaries to enumerate valid account names.
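A defender-side check for steps 2 and 3, added here as an example that is not part of the OWASP guide or these notes: it compares an application's failed-login response for an existing and a non-existing account, and shows a leaky handler beside a uniform one. The handlers, the `jsmith` account, the salt and all function names are constructed for illustration.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed; real systems use a random per-user salt


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"jsmith": _hash("correct horse")}  # constructed sample account
DUMMY = _hash("no-such-account")            # compared against when the user is unknown


def login_leaky(username, password):
    """Different status and message per failure cause: account names can be enumerated."""
    if username not in USERS:
        return 404, "Unknown user"
    if not hmac.compare_digest(USERS[username], _hash(password)):
        return 401, "Incorrect password"
    return 200, "Welcome"


def login_uniform(username, password):
    """One status and one message for every failed login."""
    stored = USERS.get(username, DUMMY)  # always hash and compare, so work done is similar
    match = hmac.compare_digest(stored, _hash(password))
    if match and username in USERS:
        return 200, "Welcome"
    return 401, "Invalid username or password"


def distinguishes_accounts(handler, known_user, unknown_user, bad_password="wrong-password"):
    """True if a failed login looks different for an existing and a non-existing account."""
    return handler(known_user, bad_password) != handler(unknown_user, bad_password)


if __name__ == "__main__":
    for handler in (login_leaky, login_uniform):
        leaks = distinguishes_accounts(handler, "jsmith", "nobody")
        print(f"{handler.__name__}: responses differ = {leaks}")
```

The same comparison can be kept as a regression test against the registration and password-reset handlers, which are also places where responses can reveal valid account names.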

Note - I am making notes from the official OWASP website; you can check it here: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/

I am just sharing what I learn to help others!!!

#infosec #learn365 #owasp