4.3 Identity Management Testing
4.3.1 Test Role Definitions
Evidence:
Verify that the identity requirements for user registration are aligned with business and security requirements.
Validate the registration process.
Evidence:
Determine which roles are able to provision users and what sort of accounts they can provision.
Evidence:
Review processes that pertain to user identification looking for ways to enumerate accounts.
To obtain a wordlist of existing and not existing emails, you can execute the following command
cat registered_emails.txt | awk -F "@" '{print $1"@"$2"\n"$1"donotexist@"$2}' | xclip -sel clipboard
Evidence:
Check if there is any kind of account name structure like “[email protected]” or “[email protected]” that could lead to user name enumeration.
Evidence:
Last updated