Difference between revisions of "Testing for Account Enumeration and Guessable User Account (OTG-IDENT-004)"

Page history: Andrew Muller moved page Testing for Account Enumeration and Guessable User Account (OWASP-AT-002) to Testing for Account Enumeration and Guessable User Account (OTG-IDENT-004), to align with the common numbering and cross-product correlation initiative.

Revision as of 09:55, 28 July 2013

Summary

Most systems are provisioned with default and test accounts to aid the installation, configuration and testing of applications. These accounts are often overlooked when the system enters production. User account names are often structured (for example, first initial plus surname), so valid account names can easily be guessed. In other cases, valid account names can be found using internet search engines. An application that answers differently for a valid and an invalid account name (a different message, status code or response time) lets an attacker confirm which guesses are real accounts.

Test objectives

Verify the structure of account names
Verify the application's response to valid and invalid account names
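The following is an added example, not code from the OWASP testing guide. It simulates a login endpoint that reveals whether a username exists (a different status and message for "unknown user" versus "wrong password"), a hardened version that answers identically in both cases, and the probing logic a tester uses for both objectives above: generate candidate names from the naming convention plus common default accounts, then compare each response against the response for a username that certainly does not exist. The user store, the naming patterns and the use of a plain SHA-256 hash are constructed simplifications for the example.

```python
"""
Added example (not from the OWASP testing guide): a simulated login endpoint
that reveals whether a username exists, a hardened version that does not,
and the probing logic a tester uses to tell them apart.
"""
import hashlib
import hmac
import secrets


def _h(password: str) -> bytes:
    # Simplified for the example: a real application uses a slow, salted hash.
    return hashlib.sha256(password.encode()).digest()


# Constructed sample user store (username -> password hash). Names follow a
# guessable first-initial + surname convention, as the Summary describes.
USERS = {
    "jsmith": _h("hunter2"),
    "admin": _h("admin"),       # default account never removed before production
    "test": _h("test1234"),     # test account left over from installation
}


def login_leaky(username: str, password: str):
    """Vulnerable: different status and message for unknown user vs. bad password."""
    stored = USERS.get(username)
    if stored is None:
        return 404, "Unknown user"
    if not hmac.compare_digest(stored, _h(password)):
        return 401, "Wrong password"
    return 200, "Login OK"


# A dummy hash so the hardened handler does the same work for unknown users.
_DUMMY = _h(secrets.token_hex(16))


def login_uniform(username: str, password: str):
    """Hardened: identical response (and comparable work) whether or not the user exists."""
    stored = USERS.get(username, _DUMMY)
    match = hmac.compare_digest(stored, _h(password))
    if username not in USERS or not match:
        return 401, "Invalid username or password"
    return 200, "Login OK"


def candidate_usernames(first: str, last: str):
    """Common corporate naming patterns derived from a person's name (assumed patterns)."""
    f, l = first.lower(), last.lower()
    return [f + l, f[0] + l, f + "." + l, l + f[0], f + "_" + l, f]


# Constructed list of default / test account names to try.
DEFAULT_ACCOUNTS = ["admin", "administrator", "test", "guest", "root"]


def probe_for_enumeration(login, candidates, wrong_password="not-the-password"):
    """Return the candidates whose login response differs from the response for
    a random username that certainly does not exist. Any difference means the
    endpoint tells an attacker which account names are real."""
    baseline = login(secrets.token_hex(12), wrong_password)
    return [c for c in candidates if login(c, wrong_password) != baseline]


def run_checks(login):
    """Probe the given login handler with default accounts and guessed names."""
    candidates = DEFAULT_ACCOUNTS + candidate_usernames("John", "Smith")
    return sorted(set(probe_for_enumeration(login, candidates)))


if __name__ == "__main__":
    print("leaky  :", run_checks(login_leaky))     # ['admin', 'jsmith', 'test']
    print("uniform:", run_checks(login_uniform))   # []
```

Against a real target the same comparison is made over HTTP responses; compare status code, body (after stripping tokens and timestamps) and response time, because a message that is identical in text can still differ in length or timing.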


How to test

Example

Tools

References

Remediation