Test Account Provisioning Process (OTG-IDENT-003)

From OWASP
Revision as of 09:42, 28 July 2013 by Andrew Muller (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents

Summary

The provisioning of accounts presents an opportunity for an attacker to create a valid account without application of the proper identification and authorization process.

Test objectives

Verify which accounts may provision other accounts and of what type

How to test

Example

Tools

References

Remediation