Broken Authentication
Reviewing login flows, session handling, and password recovery to prevent account takeover.
Simulated auth flow tests with safe, impact‑focused checks.
Common Issues
- Weak reset and verification flows
- Session fixation and token reuse
- Missing MFA or risk‑based checks
- Privilege escalation via auth gaps
Hardening
- Short‑lived tokens and rotation
- Secure cookies and SameSite rules
- Rate limiting and anomaly detection
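The sketch below is an added example, not code from the original page. It shows how the first two hardening items counter session fixation and token reuse: a fresh session ID is issued at login, IDs are rotated and expire quickly, and the cookie carries Secure, HttpOnly and SameSite attributes. `SessionStore`, `session_cookie` and the 15-minute TTL are hypothetical names and values chosen for illustration.

```python
import secrets
import time

SESSION_TTL = 900  # seconds; constructed value for this example


class SessionStore:
    """In-memory stand-in for a server-side session store (hypothetical)."""

    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}  # sid -> {"user": str or None, "expires": float}

    def _issue(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable, server-generated ID
        self._sessions[sid] = {"user": user, "expires": self._now() + SESSION_TTL}
        return sid

    def _live(self, sid):
        rec = self._sessions.get(sid)
        if rec is not None and rec["expires"] <= self._now():
            del self._sessions[sid]  # short-lived: expired IDs are purged
            return None
        return rec

    def anonymous(self):
        return self._issue(None)

    def login(self, presented_sid, user):
        # Fixation defence: the pre-login ID is discarded, never promoted.
        self._sessions.pop(presented_sid, None)
        return self._issue(user)

    def rotate(self, sid):
        # Rotation: the old ID stops working as soon as the new one exists.
        rec = self._live(sid)
        if rec is None:
            return None
        del self._sessions[sid]
        return self._issue(rec["user"])

    def user_for(self, sid):
        rec = self._live(sid)
        return rec["user"] if rec else None


def session_cookie(sid):
    # __Host- prefix requires Secure, Path=/ and no Domain attribute.
    return (f"__Host-sid={sid}; Max-Age={SESSION_TTL}; Path=/; "
            "Secure; HttpOnly; SameSite=Lax")
```

A session ID planted before login resolves to no user afterwards, which is the property a fixation test should assert.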
