Authentication and authorization security assessment for sessions, tokens, MFA, account takeover, IDOR, BOLA, BFLA, privilege escalation, tenant isolation, and identity boundary validation. Hands off to recon, input/protocol, access-control deep dive, exploit, or reporting workflows when those become the owner phase.
Installation
Mit Codex oder Claude installieren Kopieren Sie diesen Prompt, fügen Sie ihn in Codex, Claude oder einen anderen Assistant ein und lassen Sie die Skill-Seite prüfen und installieren.
Authentication and authorization security assessment for sessions, tokens, MFA, account takeover, IDOR, BOLA, BFLA, privilege escalation, tenant isolation, and identity boundary validation. Hands off to recon, input/protocol, access-control deep dive, exploit, or reporting workflows when those become the owner phase.
Authentication & Authorization Review
Use When
Session replay, token lifecycle, MFA behavior, account takeover, tenant isolation, or identity-boundary validation is the main question.
The task needs paired-role testing for object, function, or workflow authorization.
The next step is to distinguish authentication failure from authorization failure.
Handoff Criteria
Hand off to pentest-advanced-access-control-auditor for a deep IDOR, BOLA, BFLA, RBAC, or ownership test matrix.
Hand off to pentest-input-protocol-manipulation when parser behavior or request mutation becomes the owner blocker.
Hand off to pentest-evidence-structuring-report-synthesis when live validation is complete.