Authentication and authorization security assessment for sessions, tokens, MFA, account takeover, IDOR, BOLA, BFLA, privilege escalation, tenant isolation, and identity boundary validation. Hands off to recon, input/protocol, access-control deep dive, exploit, or reporting workflows when those become the owner phase.
التثبيت
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
Authentication and authorization security assessment for sessions, tokens, MFA, account takeover, IDOR, BOLA, BFLA, privilege escalation, tenant isolation, and identity boundary validation. Hands off to recon, input/protocol, access-control deep dive, exploit, or reporting workflows when those become the owner phase.
Authentication & Authorization Review
Use When
Session replay, token lifecycle, MFA behavior, account takeover, tenant isolation, or identity-boundary validation is the main question.
The task needs paired-role testing for object, function, or workflow authorization.
The next step is to distinguish authentication failure from authorization failure.
Handoff Criteria
Hand off to pentest-advanced-access-control-auditor for a deep IDOR, BOLA, BFLA, RBAC, or ownership test matrix.
Hand off to pentest-input-protocol-manipulation when parser behavior or request mutation becomes the owner blocker.
Hand off to pentest-evidence-structuring-report-synthesis when live validation is complete.