4.3 Identity Management Testing

Evidence:

Verify that the identity requirements for user registration are aligned with business and security requirements.

Validate the registration process.

Evidence:

Determine which roles are able to provision users and what sort of accounts they can provision.

Evidence:

Review processes that pertain to user identification looking for ways to enumerate accounts.

To obtain a wordlist of existing and not existing emails, you can execute the following command

cat registered_emails.txt | awk -F "@" '{print $1"@"$2"\n"$1"donotexist@"$2}' | xclip -sel clipboard

Evidence:

Check if there is any kind of account name structure like “[email protected]” or “[email protected]” that could lead to user name enumeration.

Evidence:

Last updated