Broken Authentication Testing

Install

mkdir -p .claude/skills/broken-authentication-testing-ngquoctoan2001 && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/14026" && unzip -o skill.zip -d .claude/skills/broken-authentication-testing-ngquoctoan2001 && rm skill.zip

Installs to .claude/skills/broken-authentication-testing-ngquoctoan2001

Activation

This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.

This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.

About this skill

Broken Authentication Testing

Purpose

Identify and exploit authentication and session management vulnerabilities in web applications. Broken authentication consistently ranks in the OWASP Top 10 and can lead to account takeover, identity theft, and unauthorized access to sensitive systems. This skill covers testing methodologies for password policies, session handling, multi-factor authentication, and credential management.

Prerequisites

🧠 Knowledge Modules (Fractal Skills)

1. Required Knowledge

2. Required Tools

3. Required Access

4. Phase 1: Authentication Mechanism Analysis

5. Phase 2: Password Policy Testing

6. Phase 3: Credential Enumeration

7. Phase 4: Brute Force Testing

8. Phase 5: Credential Stuffing

9. Phase 6: Session Management Testing

10. Phase 7: Session Fixation Testing

11. Phase 8: Session Timeout Testing

12. Phase 9: Multi-Factor Authentication Testing

13. Phase 10: Password Reset Testing

14. Common Vulnerability Types

15. Credential Testing Payloads

16. Session Cookie Flags

17. Rate Limiting Bypass Headers

18. Legal Requirements

19. Technical Limitations

20. Scope Considerations

21. Example 1: Account Lockout Bypass

22. Example 2: JWT Token Attack

23. Example 3: Password Reset Token Exploitation
