Dashboard Hunt Learn Certs Journal Flashcards

Search

Press ESC to close
Notifications

No new notifications

Settings

Study Preferences

Daily Study Goal Hours per day
Flashcard Session Size Cards per session

Notifications

Study Reminders Daily reminder to study
Flashcard Due Alerts When cards are due for review

Display

Theme Color scheme
Back to Modules
auth

OAuth/OIDC Attacks

OAuth 2.0 and OpenID Connect security testing

0%
90 min
Tier 2
5 flashcards

Key Concepts

Security Mindset

Think like an attacker - what can go wrong, what can be abused?

Defense in Depth

Multiple layers of security controls, no single point of failure.

Least Privilege

Grant minimum permissions needed for functionality.

Trust Boundaries

Identify where data crosses trust levels and validate at each boundary.

Learning Material

What You'll Learn

OAuth 2.0 and OpenID Connect security testing

Security Mindset

Think like an attacker - what can go wrong, what can be abused?

Defense in Depth

Multiple layers of security controls, no single point of failure.

Least Privilege

Grant minimum permissions needed for functionality.

Trust Boundaries

Identify where data crosses trust levels and validate at each boundary.

Authentication & Authorization Research

Purpose: Deep understanding of auth vulnerabilities for bug bounty hunting
Priority: CRITICAL (identified as primary gap in H1 infrastructure)
Last Updated: December 28, 2025

Why This Matters

From your GAP_ANALYSIS_2025.md: - IDOR/BAC: $5K-$50K payouts, +29% YoY growth - Auth Bypass: $10K-$100K payouts, rising trend - Current tooling: ❌ CRITICAL GAP

This section builds the knowledge needed to leverage: - h1-auth-agent - auth_specialist.py - idor-hunt.sh

Contents

Core Concepts

  1. Authentication Fundamentals
  2. Authorization Models
  3. Session Management

Attack Techniques

  1. Password Reset Attacks
  2. JWT Vulnerabilities
  3. OAuth/OIDC Attacks
  4. MFA Bypass
  5. IDOR/BAC Testing
  6. Session Attacks

Tools & Testing

  1. Testing Methodology
  2. Tool Reference

Case Studies

  • Case Studies Index

Quick Reference

Authentication Attack Priority

Attack Type Payout Range Difficulty Your Agent
Account Takeover (Full) $10K-$100K Hard h1-auth-agent
Password Reset Poisoning $5K-$20K Medium h1-auth-agent
OAuth Token Theft $5K-$15K Medium h1-auth-agent
JWT Algorithm Confusion $3K-$10K Medium auth_specialist.py
2FA Bypass $5K-$25K Hard h1-auth-agent
Session Fixation $1K-$5K Easy h1-auth-agent

Authorization Attack Priority

Attack Type Payout Range Difficulty Your Agent
Horizontal IDOR $5K-$50K Medium h1-auth-agent
Vertical Privilege Escalation $10K-$50K Hard h1-auth-agent
Missing Function-Level Access $3K-$15K Medium h1-auth-agent
Mass Assignment $1K-$5K Easy h1-api-agent

Key Principles

Authentication Security (OWASP)

  1. Password Requirements
  2. With MFA: Minimum 8 characters
  3. Without MFA: Minimum 15 characters
  4. Maximum: At least 64 characters

  5. Allow all characters including unicode/whitespace

  6. MFA Effectiveness

  7. "Prevents 99.9% of account compromises" - Microsoft

  8. Session Management

  9. Regenerate session ID after authentication
  10. Minimum 64 bits of entropy
  11. HttpOnly, Secure, SameSite cookie flags

Authorization Security (OWASP)

  1. Core Principles
  2. Deny by default
  3. Validate on every request
  4. Server-side validation only

  5. Least privilege

  6. Preferred Models

  7. ABAC (Attribute-Based) over RBAC (Role-Based)
  8. ReBAC (Relationship-Based) for complex hierarchies

Testing Checklist

AUTHENTICATION TESTING
□ Test for username enumeration
□ Check password policy enforcement
□ Test account lockout mechanism
□ Verify session token randomness
□ Check for default credentials
□ Test password reset flow
□ Test JWT implementation
□ Test OAuth redirect_uri
□ Test 2FA bypass methods

AUTHORIZATION TESTING
□ Test all IDs for IDOR
□ Test horizontal privilege escalation
□ Test vertical privilege escalation
□ Check admin endpoints with user tokens
□ Test HTTP method variation
□ Check for mass assignment
□ Verify consistent authorization
  • Previous: 00_foundation
  • Next: 02_api_security
  • Main: Knowledge Base README

Practical Examples

Practice examples coming soon. Check the Certs section for related labs.

Test Questions

Q

What are common authentication vulnerabilities?

Q

How does session fixation work?

Q

What should happen to session ID after login?

Test Your Knowledge

Review these flashcards to reinforce your understanding

Q

What are common authentication vulnerabilities?

A

Tap to reveal

Q

How does session fixation work?

A

Tap to reveal

Q

What should happen to session ID after login?

A

Tap to reveal

Start Flashcard Review

Your Progress

Started
2
Halfway
3
Complete

Study Tips

  • Read through the concepts first
  • Try the practice labs hands-on
  • Review flashcards daily
  • Document what you learn in your journal