4 Authentication Testing

4.1 Testing for Credentials Transported over an Encrypted Channel

4.2 Testing for Default Credentials

4.3 Testing for Weak Lock Out Mechanism

4.4 Testing for Bypassing Authentication Schema

4.5 Testing for Vulnerable Remember Password

4.6 Testing for Browser Cache Weaknesses

4.7 Testing for Weak Password Policy

4.8 Testing for Weak Security Question Answer

4.9 Testing for Weak Password Change or Reset Functionalities

4.10 Testing for Weaker Authentication in Alternative Channel

4.11 Testing Multi-Factor Authentication