Authentication and authorization security assessment for sessions, tokens, MFA, account takeover, IDOR, BOLA, BFLA, privilege escalation, tenant isolation, and identity boundary validation. Hands off to recon, input/protocol, access-control deep dive, exploit, or reporting workflows when those become the owner phase.
Instalación
Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.
Authentication and authorization security assessment for sessions, tokens, MFA, account takeover, IDOR, BOLA, BFLA, privilege escalation, tenant isolation, and identity boundary validation. Hands off to recon, input/protocol, access-control deep dive, exploit, or reporting workflows when those become the owner phase.
Authentication & Authorization Review
Use When
Session replay, token lifecycle, MFA behavior, account takeover, tenant isolation, or identity-boundary validation is the main question.
The task needs paired-role testing for object, function, or workflow authorization.
The next step is to distinguish authentication failure from authorization failure.
Handoff Criteria
Hand off to pentest-advanced-access-control-auditor for a deep IDOR, BOLA, BFLA, RBAC, or ownership test matrix.
Hand off to pentest-input-protocol-manipulation when parser behavior or request mutation becomes the owner blocker.
Hand off to pentest-evidence-structuring-report-synthesis when live validation is complete.