4.3 Identity Management Testing
4.3.1 Test Role Definitions
Evidence:
Verify that the identity requirements for user registration are aligned with business and security requirements.
Validate the registration process.
Evidence:
Determine which roles are able to provision users and what sort of accounts they can provision.
Evidence:
Review processes that pertain to user identification, looking for ways to enumerate accounts.
To obtain a wordlist of existing and non-existent emails, run the following command (each registered address is paired with a sibling whose local part has "donotexist" appended, and the result is copied to the clipboard):
awk -F "@" '{print $1"@"$2"\n"$1"donotexist@"$2}' registered_emails.txt | xclip -sel clipboard
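As an added example (not part of this checklist), the following Python script builds the same existing/non-existent email pairs the awk one-liner produces and then compares the application's responses for each pair, flagging any status, body or timing difference that would let a tester record account enumeration as a finding. The responses are constructed inline; in a real engagement they would be captured from the registration or password-reset endpoint.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


def candidate_pairs(registered: List[str]) -> List[Tuple[str, str]]:
    """Mirror the awk one-liner: pair each registered address with a sibling
    that should not exist (local part + 'donotexist', same domain)."""
    pairs = []
    for email in registered:
        local, _, domain = email.partition("@")
        pairs.append((email, f"{local}donotexist@{domain}"))
    return pairs


@dataclass
class Response:
    status: int
    body: str
    elapsed_ms: float


def enumeration_signals(existing: Response, missing: Response,
                        timing_threshold_ms: float = 200.0) -> List[str]:
    """Observable differences between the response for a real account and the
    response for a non-existent one. An empty list means the endpoint behaves
    uniformly, which is what a hardened application should show."""
    signals = []
    if existing.status != missing.status:
        signals.append(f"status {existing.status} vs {missing.status}")
    if existing.body != missing.body:
        signals.append("body differs")
    if abs(existing.elapsed_ms - missing.elapsed_ms) > timing_threshold_ms:
        signals.append("timing differs")
    return signals


# Constructed sample responses (hypothetical). The first pair shows a leaky
# endpoint; the second shows the uniform message a fixed endpoint returns.
SAMPLE: Dict[str, Response] = {
    "john.deer@email.com": Response(200, "We sent a reset link.", 410.0),
    "john.deerdonotexist@email.com": Response(404, "No account with that email.", 35.0),
    "jdeer@email.com": Response(200, "If an account exists, we sent a link.", 120.0),
    "jdeerdonotexist@email.com": Response(200, "If an account exists, we sent a link.", 118.0),
}


def audit(registered: List[str], responses: Dict[str, Response] = SAMPLE) -> Dict[str, List[str]]:
    """Map each registered address to the signals separating it from its sibling."""
    return {real: enumeration_signals(responses[real], responses[fake])
            for real, fake in candidate_pairs(registered)}


if __name__ == "__main__":
    for email, signals in audit(["john.deer@email.com", "jdeer@email.com"]).items():
        print(email, "->", signals or "no enumeration signal")
```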
Evidence:
Check whether there is any kind of account name structure, such as "John.deer@email.com" or "jdeer@email.com", that could lead to username enumeration.
Evidence: