4 Authentication Testing

1 Testing for Credentials Transported over an Encrypted Channel

2 Testing for Default Credentials

3 Testing for Weak Lock Out Mechanism

4 Testing for Bypassing Authentication Schema

5 Testing for Vulnerable Remember Password

6 Testing for Browser Cache Weaknesses

7 Testing for Weak Password Policy

8 Testing for Weak Security Question Answer

9 Testing for Weak Password Change or Reset Functionalities

10 Testing for Weaker Authentication in Alternative Channel

11 Testing Multi-Factor Authentication