Authentication and authorization security assessment for sessions, tokens, MFA, account takeover, IDOR, BOLA, BFLA, privilege escalation, tenant isolation, and identity boundary validation. Hands off to recon, input/protocol, access-control deep dive, exploit, or reporting workflows when those become the owner phase.
Instalação
Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.
Authentication and authorization security assessment for sessions, tokens, MFA, account takeover, IDOR, BOLA, BFLA, privilege escalation, tenant isolation, and identity boundary validation. Hands off to recon, input/protocol, access-control deep dive, exploit, or reporting workflows when those become the owner phase.
Authentication & Authorization Review
Use When
Session replay, token lifecycle, MFA behavior, account takeover, tenant isolation, or identity-boundary validation is the main question.
The task needs paired-role testing for object, function, or workflow authorization.
The next step is to distinguish authentication failure from authorization failure.
Handoff Criteria
Hand off to pentest-advanced-access-control-auditor for a deep IDOR, BOLA, BFLA, RBAC, or ownership test matrix.
Hand off to pentest-input-protocol-manipulation when parser behavior or request mutation becomes the owner blocker.
Hand off to pentest-evidence-structuring-report-synthesis when live validation is complete.