creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 05:34:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d547391908f2912b7ac06dd0577c8a40cb04f9fc
Anthropic-Cybersecurity-Skills/skills/testing-mobile-api-authentication/references/standards.md
T

1.4 KiB
Raw Blame History

Standards Reference: Mobile API Authentication Testing

OWASP Mobile Top 10 2024

OWASP ID Risk Testing Focus
M1 Improper Credential Usage Hardcoded API keys, credential transmission
M3 Insecure Authentication/Authorization Auth bypass, IDOR, privilege escalation

OWASP API Security Top 10 2023

API Risk Test Case
API1: Broken Object Level Authorization Modify object IDs, test cross-user access
API2: Broken Authentication JWT vulnerabilities, token replay, session management
API3: Broken Object Property Level Auth Mass assignment, property-level access
API5: Broken Function Level Authorization Admin endpoint access with user tokens

OWASP MASVS v2.0 - MASVS-AUTH

Control Test Method
MASVS-AUTH-1 Verify authentication enforcement on all sensitive endpoints
MASVS-AUTH-2 Test token generation, validation, and revocation
MASVS-AUTH-3 Assess multi-factor authentication implementation

CWE Mappings

CWE Title Test
CWE-287 Improper Authentication Missing auth on endpoints
CWE-639 Authorization Bypass Through User-Controlled Key IDOR testing
CWE-798 Hardcoded Credentials API key in APK/IPA
CWE-613 Insufficient Session Expiration Token lifetime testing
CWE-384 Session Fixation Pre-auth token reuse
Reference in New Issue View Git Blame Copy Permalink