Authentication and authorization security assessment for sessions, tokens, MFA, account takeover, IDOR, BOLA, BFLA, privilege escalation, tenant isolation, and identity boundary validation. Hands off to recon, input/protocol, access-control deep dive, exploit, or reporting workflows when those become the owner phase.
Installation
Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.
Authentication and authorization security assessment for sessions, tokens, MFA, account takeover, IDOR, BOLA, BFLA, privilege escalation, tenant isolation, and identity boundary validation. Hands off to recon, input/protocol, access-control deep dive, exploit, or reporting workflows when those become the owner phase.
Authentication & Authorization Review
Use When
Session replay, token lifecycle, MFA behavior, account takeover, tenant isolation, or identity-boundary validation is the main question.
The task needs paired-role testing for object, function, or workflow authorization.
The next step is to distinguish authentication failure from authorization failure.
Handoff Criteria
Hand off to pentest-advanced-access-control-auditor for a deep IDOR, BOLA, BFLA, RBAC, or ownership test matrix.
Hand off to pentest-input-protocol-manipulation when parser behavior or request mutation becomes the owner blocker.
Hand off to pentest-evidence-structuring-report-synthesis when live validation is complete.